<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
use Illuminate\Support\Facades\Http;
use GuzzleHttp\Cookie\CookieJar;

class CheckWordPressAuthenticated {
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next): Response {


        $domain = $_SERVER['HTTP_HOST'];

        // 取得 Cookie 內的加密 `nonce`
        $encrypted_nonce = $_COOKIE['encrypted_nonce'] ?? '';

        // 取得與加密時相同的密鑰
        $key = getenv('WP_NONCE_SECRET_KEY') ?: 'your-secret-key';

        $decrypted_nonce = openssl_decrypt($encrypted_nonce, 'AES-256-CBC', $key, 0, 7362598873625988);

        $url = "http://$domain/wp-json/wp/v2/users/me";

        $response = Http::withoutVerifying()
            ->withCookies($_COOKIE, $domain)
            ->withHeaders([
                'X-WP-Nonce'      => $decrypted_nonce
            ])
            ->get($url);
        $data = $response->json();
        // dd($data, $_COOKIE, $decrypted_nonce);
        if (!empty($data['id']) && !empty($data['name'])) {
            // write into session
            session(['wp_user' => $data]);
            return $next($request);
        } else {
            return redirect("http://$domain/");
        }
    }
}