<?php

/**
 * Name: Ğ1 Wallet
 * Description: Self-sovereign Ğ1 wallet for SASE-verified participants. Key derivation and signing in the browser. The platform never touches your keys.
 * Version: 0.2.0
 * MinVersion: 11.0
 * MaxVersion: 12.0
 */

use Zotlabs\Extend\Widget;

require_once 'addon/g1wallet/g1wallet_renderer.php';
require_once 'addon/g1wallet/g1wallet_spool.php';

function g1wallet_module() {}

function g1wallet_load() {
    register_hook('load_pdl', 'addon/g1wallet/g1wallet.php', 'g1wallet_load_pdl');
    Widget::register('addon/g1wallet/Widget/G1wallet.php', 'g1wallet');
}

function g1wallet_unload() {
    unregister_hook('load_pdl', 'addon/g1wallet/g1wallet.php', 'g1wallet_load_pdl');
    Widget::unregister('addon/g1wallet/Widget/G1wallet.php', 'g1wallet');
}

function g1wallet_load_pdl(&$b) {
    // Loads the g1wallet PDL layout for g1wallet module pages.
    if (!is_array($b) || empty($b['module']) || $b['module'] !== 'g1wallet') {
        return;
    }
    $layout = @file_get_contents('addon/g1wallet/mod_g1wallet.pdl');
    if ($layout !== false) {
        $b['layout'] = $layout;
    }
}

// -----------------------------------------------------------------------------
// HELPERS
// -----------------------------------------------------------------------------

function g1wallet_h($value) {
    // HTML-escapes a value for safe output.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

function g1wallet_load_config() {
    // Loads config.json from the addon directory. Returns array or empty array on failure.
    $raw = @file_get_contents('addon/g1wallet/config.json');
    if ($raw === false) return [];
    $cfg = json_decode($raw, true);
    return (json_last_error() === JSON_ERROR_NONE) ? $cfg : [];
}

// -----------------------------------------------------------------------------
// ACCESS
// -----------------------------------------------------------------------------

function g1wallet_access_state() {
    // Returns operator, participant, or public.
    // Does not call local_channel() for group checks — safe for guest tokens.
    // Operator: local channel whose channel_id matches local_channel().
    if (local_channel()) {
        $channel = App::get_channel();
        if (local_channel() === intval($channel['channel_id'])) {
            return 'operator';
        }
    }

    $observer = get_observer_hash();
    if (!$observer) return 'public';

    // Load all registered associations from vs01 config and check group membership.
    $raw = @file_get_contents('addon/vs01/config.json');
    if ($raw === false) return 'public';
    $cfg = json_decode($raw, true);
    if (json_last_error() !== JSON_ERROR_NONE) return 'public';

    $associations = $cfg['associations'] ?? [];
    if (empty($associations)) return 'public';

    // Direct pggrp_member query — works for guest tokens.
    foreach ($associations as $slug => $assoc) {
        $groups = $assoc['groups'] ?? [];
        foreach (['corpus_builder', 'sase_participant', 'civic_professional'] as $group_key) {
            $gid = intval($groups[$group_key] ?? 0);
            if ($gid) {
                $r = q("SELECT xchan FROM pggrp_member WHERE gid = %d AND xchan = '%s' LIMIT 1",
                    intval($gid),
                    dbesc($observer)
                );
                if ($r) return 'participant';
            }
        }
    }

    return 'public';
}

// -----------------------------------------------------------------------------
// CONTENT ROUTER
// -----------------------------------------------------------------------------

function g1wallet_content() {
    if (function_exists('head_add_css')) {
        head_add_css('/addon/g1wallet/view/css/g1wallet.css');
    }
    if (function_exists('head_add_js')) {
        // bip39 must load before g1wallet.js (g1wallet.js calls window.bip39).
        head_add_js('/addon/g1wallet/vendor/bip39-3.1.0.min.js');
        head_add_js('/addon/g1wallet/view/js/g1wallet.js');
        // Note: vendor/scrypt-js-3.0.1.min.js is NOT loaded.
        // scrypt is the obsolete Cesium1 / Duniter v1 derivation algorithm.
        // Duniter v2 / Ğecko uses entropy-as-seed (no KDF). The file is
        // retained in vendor/ for reference but is not wired anywhere.
    }

    $access    = g1wallet_access_state();
    $sub_route = strtolower(argv(1) ?? '');

    if ($access === 'public') {
        return g1wallet_render_access_wall();
    }

    switch ($sub_route) {

        case 'balance':
            // GET: return cached balance for the current session pubkey.
            // Placeholder — orchestrator query not yet implemented.
            return g1wallet_render_error('Balance fetch not yet implemented.');

        case 'broadcast':
            // POST: relay signed Duniter transaction to orchestrator.
            if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
                return g1wallet_render_error('POST required.');
            }
            if (!g1wallet_verify_csrf()) {
                return g1wallet_render_error('Invalid form token. Please reload and try again.');
            }
            return g1wallet_handle_broadcast_post();

        case 'pubkey':
            // POST: store public key in channel settings after unlock.
            if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
                return g1wallet_render_error('POST required.');
            }
            if (!g1wallet_verify_csrf()) {
                return g1wallet_render_error('Invalid form token. Please reload and try again.');
            }
            return g1wallet_handle_pubkey_post($access);

        default:
            // Wallet landing: unlock form or unlocked interface.
            return g1wallet_render_landing($access);
    }
}

// -----------------------------------------------------------------------------
// CSRF
// -----------------------------------------------------------------------------

function g1wallet_csrf_token() {
    // Generates and stores a CSRF token for the current session.
    if (empty($_SESSION['g1wallet_csrf'])) {
        $_SESSION['g1wallet_csrf'] = bin2hex(random_bytes(16));
    }
    return '<input type="hidden" name="g1wallet_csrf" value="'
         . g1wallet_h($_SESSION['g1wallet_csrf']) . '">';
}

function g1wallet_verify_csrf() {
    // Returns true if the CSRF token in POST matches the session token.
    return isset($_POST['g1wallet_csrf'], $_SESSION['g1wallet_csrf'])
        && hash_equals($_SESSION['g1wallet_csrf'], $_POST['g1wallet_csrf']);
}