<?php

namespace Jakach\Logging\Api;

use Jakach\Logging\Storage\Repository;

class AuthMiddleware
{
    private Repository $repo;

    public function __construct(Repository $repo)
    {
        $this->repo = $repo;
    }

    public function requireAuth(): ?array
    {
        if (session_status() === PHP_SESSION_NONE) {
            session_set_cookie_params([
                'lifetime' => 86400 * 7,
                'path' => '/',
                'httponly' => true,
                'samesite' => 'Lax',
            ]);
            session_start();
        }

        if (empty($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
            return null;
        }

        $allowedTokens = $this->repo->getAllowedUserTokens();
        if (!empty($allowedTokens)) {
            $userToken = $_SESSION['user_token'] ?? '';
            if (!in_array($userToken, $allowedTokens, true)) {
                return null;
            }
        }

        return [
            'username' => $_SESSION['username'] ?? 'unknown',
            'user_token' => $_SESSION['user_token'] ?? '',
            'email' => $_SESSION['email'] ?? '',
        ];
    }
}