<?php

/**
 * g1wallet_spool.php — POST handlers for g1wallet.
 * pubkey store: receives public key after unlock, stores in channel settings.
 * broadcast relay: receives signed Duniter transaction, relays to orchestrator.
 *
 * At skeleton stage both handlers return placeholder responses.
 * The private key never reaches this file. Ever.
 */

function g1wallet_handle_pubkey_post($access) {
    // Stores the participant's Ğ1 public key in their Hubzilla channel settings.
    // Called once after first wallet unlock (and on re-unlock if key changes).
    // The public key is the only wallet-related thing the server ever stores.

    $pubkey = trim($_POST['g1_pubkey'] ?? '');

    if (!$pubkey) {
        return g1wallet_render_error('Public key is required.');
    }

    // Basic length check — Ğ1 public keys are 43–44 characters in base58.
    if (strlen($pubkey) < 43 || strlen($pubkey) > 64) {
        return g1wallet_render_error('Invalid public key format.');
    }

    // TODO: store $pubkey in Hubzilla channel settings using set_pconfig() or equivalent.
    // Placeholder: log and return success shell.
    // set_pconfig(local_channel(), 'g1wallet', 'g1_pubkey', $pubkey);

    // Return JSON for fetch() caller in g1wallet.js.
    header('Content-Type: application/json');
    echo json_encode(['status' => 'ok', 'note' => 'Pubkey storage not yet implemented.']);
    killme();
}

function g1wallet_handle_broadcast_post() {
    // Receives a signed Duniter transaction document (base64-encoded) from the browser.
    // Validates the node token, relays to the orchestrator, returns the transaction hash.
    //
    // The browser signs the document with the participant's private key (WebCrypto).
    // Only the signed bytes arrive here — never the private key.

    $signed_doc = trim($_POST['signed_doc'] ?? '');
    $doc_type   = trim($_POST['doc_type'] ?? '');   // e.g. 'transfer', 'certification'

    if (!$signed_doc || !$doc_type) {
        header('Content-Type: application/json');
        echo json_encode(['status' => 'error', 'message' => 'signed_doc and doc_type are required.']);
        killme();
    }

    // TODO: load config, relay to orchestrator POST /g1wallet/broadcast.
    // $config = g1wallet_load_config();
    // $orchestrator_url = $config['orchestrator_url'] ?? '';
    // $node_token = $config['node_token'] ?? '';
    // ... HTTP relay to orchestrator ...

    header('Content-Type: application/json');
    echo json_encode(['status' => 'ok', 'note' => 'Broadcast relay not yet implemented.']);
    killme();
}