<?php

require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/session.inc"; global $isLoggedIn; global $_PROFILE;
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/functions.inc";
$app = $GLOBALS["ColdHazeApp"] = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/app.json"), true);
if (!$isLoggedIn) header("Location: /-/login") and die();
header("Content-Type: application/json");

$request_raw = file_get_contents('php://input');
$json_object = $data = json_decode($request_raw, true);

$systemID = $_PROFILE["login"] === "cloudburst" ? "ynmuc" : "gdapd";
$fronters = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/data/" . ($_PROFILE["login"] === "cloudburst" ? "ynmuc" : "gdapd") . "/fronters.json"), true)["members"];

if (count($fronters) > 0) {
    $myId = $fronters[0]["id"];
} else {
    $myId = "zdtsg";
}

$accounts = array_map(function ($i) {
    $name = substr($i, 0, -5);
    $data = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/data/money/" . $i), true);
    $data["_name"] = $name;
    return $data;
}, array_values(array_filter(scandir($_SERVER['DOCUMENT_ROOT'] . "/includes/data/money"), function ($i) { return !str_starts_with($i, "."); })));
$rate = (float)trim(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/exchange.txt"));

$obj = [
    "success" => false,
    "error" => null
];

if ($_SERVER["REQUEST_METHOD"] !== "POST") {
    $obj["success"] = false;
    $obj["error"] = "INVALID_METHOD";
    die(json_encode($obj, JSON_PRETTY_PRINT));
}

if (!isset($data["amount"]) || !isset($data["id"]) || !isset($data["description"])) {
    $obj["success"] = false;
    $obj["error"] = "MISSING_OPERAND";
    die(json_encode($obj, JSON_PRETTY_PRINT));
}

$account = array_values(array_filter($accounts, function ($i) use ($data) { return $i["_name"] === $data["id"]; }))[0] ?? null;

if (!isset($account)) {
    $obj["success"] = false;
    $obj["error"] = "ACCOUNT_NOT_FOUND";
    die(json_encode($obj, JSON_PRETTY_PRINT));
}

if (!(isset($data["amount"]) && is_numeric($data["amount"]) && (float)$data["amount"] < 9999 && (float)$data["amount"] > -9999)) {
    $obj["success"] = false;
    $obj["error"] = "INVALID_AMOUNT";
    die(json_encode($obj, JSON_PRETTY_PRINT));
}
if (!isset($data["description"])) $data["description"] = "";

if (strlen($data["description"]) > 150) {
    $obj["success"] = false;
    $obj["error"] = "DESCRIPTION_TOO_LONG";
    die(json_encode($obj, JSON_PRETTY_PRINT));
}

if ($data["amount"] === 0) {
    $obj["success"] = false;
    $obj["error"] = "AMOUNT_IS_ZERO";
    die(json_encode($obj, JSON_PRETTY_PRINT));
}

$ntfy = $GLOBALS["ColdHazeApp"]["ntfy"];
file_get_contents('https://' . $ntfy["server"] . '/' . $ntfy["topic"], false, stream_context_create([
    'http' => [
        'method' => 'POST',
        'header' =>
            "Content-Type: text/plain\r\n" .
            "Title: " . formatPonypush((getMember($myId)["display_name"] ?? getMember($myId)["name"]) . " created a transaction to " . $account["name"] . " (" . ucfirst($account["owner"]) . ")") . "\r\n" .
            "Tags: bits\r\n" .
            "Authorization: Basic " . base64_encode($ntfy["user"] . ":" . $ntfy["password"]),
        'content' => formatPonypush(($account["currency"] === "gbp" ? "£" : "€") . abs((float)$data["amount"]) . " were " . ((float)$data["amount"] >= 0 ? "added" : "removed") . " just now" . (trim($data["description"]) !== "" ? ": " . $data["description"] : ""))
    ]
]));

array_unshift($account["transactions"], [
    "author" => $myId,
    "description" => $data["description"],
    "amount" => (float)$data["amount"],
    "date" => date('c')
]);

$name = $account["_name"];
unset($account["_name"]);

file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/data/money/" . $name . ".json", json_encode($account, JSON_PRETTY_PRINT));

$obj["success"] = true;
die(json_encode($obj, JSON_PRETTY_PRINT));