<?php
declare(strict_types=1);

require __DIR__ . '/_common.php';

require_login();

function normalize_account_row(array $a): array
{
    $a['coins'] = max(0, (int)($a['coins'] ?? 0));
    return $a;
}

$method = $_SERVER['REQUEST_METHOD'];

if ($method === 'GET') {
    $list = array_map('normalize_account_row', read_store()['accounts'] ?? []);
    json_response(['ok' => true, 'accounts' => $list]);
}

if ($method === 'POST') {
    $body = require_json_body();
    $store = read_store();
    $coins = isset($body['coins']) ? (int)$body['coins'] : 0;
    $coins = max(0, $coins);
    $acc = [
        'id' => new_id(),
        'email' => trim((string)($body['email'] ?? '')),
        'displayName' => trim((string)($body['displayName'] ?? '')),
        'loginType' => in_array($body['loginType'] ?? '', ['guest', 'facebook', 'google', 'email'], true)
            ? $body['loginType'] : 'guest',
        'providerUserId' => trim((string)($body['providerUserId'] ?? '')),
        'notes' => trim((string)($body['notes'] ?? '')),
        'blocked' => !empty($body['blocked']),
        'coins' => $coins,
        'createdAt' => gmdate('c'),
        'updatedAt' => gmdate('c'),
    ];
    $store['accounts'][] = $acc;
    if (!write_store($store)) {
        json_response(['ok' => false, 'error' => 'บันทึกไม่สำเร็จ'], 500);
    }
    json_response(['ok' => true, 'account' => $acc]);
}

if ($method === 'PATCH') {
    $body = require_json_body();
    $id = trim((string)($body['id'] ?? ''));
    if ($id === '') {
        json_response(['ok' => false, 'error' => 'ระบุ id'], 400);
    }
    $store = read_store();
    $found = false;
    foreach ($store['accounts'] ?? [] as $i => $a) {
        if (($a['id'] ?? '') !== $id) {
            continue;
        }
        $found = true;
        if (array_key_exists('email', $body)) {
            $store['accounts'][$i]['email'] = trim((string)$body['email']);
        }
        if (array_key_exists('displayName', $body)) {
            $store['accounts'][$i]['displayName'] = trim((string)$body['displayName']);
        }
        if (array_key_exists('loginType', $body)) {
            $lt = $body['loginType'];
            if (in_array($lt, ['guest', 'facebook', 'google', 'email'], true)) {
                $store['accounts'][$i]['loginType'] = $lt;
            }
        }
        if (array_key_exists('providerUserId', $body)) {
            $store['accounts'][$i]['providerUserId'] = trim((string)$body['providerUserId']);
        }
        if (array_key_exists('notes', $body)) {
            $store['accounts'][$i]['notes'] = trim((string)$body['notes']);
        }
        if (array_key_exists('blocked', $body)) {
            $store['accounts'][$i]['blocked'] = !empty($body['blocked']);
        }
        if (array_key_exists('coins', $body)) {
            $store['accounts'][$i]['coins'] = max(0, (int)$body['coins']);
        }
        if (array_key_exists('coinsDelta', $body)) {
            $cur = max(0, (int)($store['accounts'][$i]['coins'] ?? 0));
            $store['accounts'][$i]['coins'] = max(0, $cur + (int)$body['coinsDelta']);
        }
        $store['accounts'][$i]['updatedAt'] = gmdate('c');
        break;
    }
    if (!$found) {
        json_response(['ok' => false, 'error' => 'ไม่พบบัญชี'], 404);
    }
    if (!write_store($store)) {
        json_response(['ok' => false, 'error' => 'บันทึกไม่สำเร็จ'], 500);
    }
    json_response(['ok' => true]);
}

if ($method === 'DELETE') {
    $id = trim((string)($_GET['id'] ?? ''));
    if ($id === '') {
        json_response(['ok' => false, 'error' => 'ระบุ id'], 400);
    }
    $store = read_store();
    $store['accounts'] = array_values(array_filter(
        $store['accounts'] ?? [],
        static fn($a) => ($a['id'] ?? '') !== $id
    ));
    if (!write_store($store)) {
        json_response(['ok' => false, 'error' => 'บันทึกไม่สำเร็จ'], 500);
    }
    json_response(['ok' => true]);
}

json_response(['ok' => false, 'error' => 'Method not allowed'], 405);