<?php
declare(strict_types=1);

use Slim\App;
// use Slim\Middleware\Session;
use \Psr\Http\Message\ServerRequestInterface as Request;
use \Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
require '../vendor/autoload.php';
// Application middleware

// e.g: $app->add(new \Slim\Csrf\Guard);
use voku\helper\AntiXSS;


return function ($app) {
    

    $app->add(function (Request $request, RequestHandler $handler):Response{
        $antiXSS = new AntiXSS();
    
        // 過濾 $_GET 和 $_POST
        $getParams = $request->getQueryParams();
        $postParams = $request->getParsedBody();
    
        $filteredGet = array_map([$antiXSS, 'xss_clean'], $getParams);
        $filteredPost = is_array($postParams) 
            ? array_map([$antiXSS, 'xss_clean'], $postParams) 
            : $postParams;
        // die('<pre>'.print_r($filteredGet).'</pre>');
        // 更新請求
        $request = $request->withQueryParams($filteredGet);
        $request = $request->withParsedBody($filteredPost);
        $response = $handler->handle($request);
        return $response;
    });
    // $app->add(function (Request $request, RequestHandler $handler): Response {
    //     // 過濾 GET 參數
    //     $getParams = $request->getQueryParams();
    //     $filteredGet = array_map('htmlspecialchars', $getParams);
       
    //     // 過濾 POST 參數
    //     $parsedBody = (array)$request->getParsedBody();
    //     $filteredPost = array_map('htmlspecialchars', $parsedBody);
    //     // die( '<pre>'.print_r( $filteredPost ).'</pre>' );
    //     // 替換過濾後的輸入
    //     $request = $request->withQueryParams($filteredGet)
    //                        ->withParsedBody($filteredPost);
    
    //     // 傳遞給下一個 Middleware 或 Route
    //     return $handler->handle($request);
    // });
    // $app->add(new Session([
    //     'name' => 'dummy_session',
    //     'autorefresh' => true,
    //     'lifetime' => '1 hour'
    // ]));

    
    $app->add( function ( Request $request, RequestHandler $handler ) use ($app) {
        
        // die('<pre>'.print_r($handler->handle($request)).'</pre>');
        $response = $handler->handle($request);
        if( 
            strpos($_SERVER['SERVER_NAME'], '.dev')===false 
            && strpos($_SERVER['SERVER_NAME'], 'localhost' )===false
        ){
            if( strpos($_SERVER['SERVER_NAME'], 'aiacademy.')=== false || !IS_HTTPS ){
                
                $response = $app->getResponseFactory()->createResponse()
                ->withHeader('Location', 'https://jobs.aiacademy.tw')
                ->withStatus(302);
                
                // #檢查 302 屬性是否正確寫入
                // $statusCode = $response->getStatusCode();
                // $locationHeader = $response->getHeaderLine('Location');
                // #調試輸出
                // $response->getBody()->write("<p>Status Code: {$statusCode}</p>");
                //$response->getBody()->write("<p>Location Header: {$locationHeader}</p>");
                return $response;
            }
        }
            return $response;
    });

    $app->add( function ( Request $request, RequestHandler $handler ) use ($app) {
        if(isset($_COOKIE[LOGIN_TOKEN_COOKIE_KEY]) and $_COOKIE[LOGIN_TOKEN_COOKIE_KEY]){
            $user_mapper = new UserMapper($this->get(PDO::class));
            $user = $user_mapper->getUserByLoginToken($_COOKIE[LOGIN_TOKEN_COOKIE_KEY]);
            if( !$this->get(Session::class)->get(USER_ID_SESS_KEY)
                and !empty($user)
                and $user['last_login_token'] === get_logintoken($user['id'], $user['last_login_time'])
            ){
                setup_user_session($this->get(Session::class)
                                    , $user['name']
                                    , $user['email']
                                    , $user['pwd']
                                    , $user['authority']
                                    , $user['id']);
            }
        }
        return $handler->handle($request);
    });
};