<?php

ini_set('display_startup_errors', '0');
ini_set('display_errors', '0');

function proxy_env($name, $default)
{
    $value = getenv($name);
    return $value === false || $value === '' ? $default : $value;
}

function proxy_json($statusCode, $payload)
{
    http_response_code($statusCode);
    header('Content-Type: application/json');
    echo json_encode($payload);
    exit;
}

function proxy_header($name)
{
    $key = 'HTTP_'.strtoupper(str_replace('-', '_', $name));
    return isset($_SERVER[$key]) ? $_SERVER[$key] : '';
}

$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$endpoint = ltrim($path, '/');

if ($endpoint === '' || $endpoint === 'healthz') {
    proxy_json(200, array('status' => 1, 'msg' => 'SPOTA proxy is running'));
}

$endpoint = basename($endpoint);
$allowedEndpoints = array_filter(array_map('trim', explode(',', proxy_env('SPOTA_ALLOWED_ENDPOINTS', 'login.php'))));

if (!in_array($endpoint, $allowedEndpoints, true)) {
    proxy_json(404, array('status' => 0, 'msg' => 'Endpoint not allowed'));
}

$token = proxy_env('PROXY_TOKEN', '');
if ($token !== '') {
    $providedToken = proxy_header('X-Proxy-Token');
    if ($providedToken === '' && isset($_GET['proxy_token'])) {
        $providedToken = $_GET['proxy_token'];
        unset($_GET['proxy_token']);
    }

    if (!hash_equals($token, $providedToken)) {
        proxy_json(401, array('status' => 0, 'msg' => 'Unauthorized'));
    }
}

$baseUrl = rtrim(proxy_env('SPOTA_BASE_URL', 'https://spota.untan.ac.id/steven/API'), '/');
$targetUrl = $baseUrl.'/'.$endpoint;

if (!empty($_GET)) {
    $targetUrl .= '?'.http_build_query($_GET);
}

$method = strtoupper($_SERVER['REQUEST_METHOD']);
$body = file_get_contents('php://input');
$headers = array('Accept: application/json');
$contentType = isset($_SERVER['CONTENT_TYPE']) ? trim($_SERVER['CONTENT_TYPE']) : '';

if ($contentType !== '') {
    $headers[] = 'Content-Type: '.$contentType;
}

$ch = curl_init($targetUrl);
curl_setopt_array($ch, array(
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_CONNECTTIMEOUT => (int) proxy_env('CONNECT_TIMEOUT', '10'),
    CURLOPT_TIMEOUT => (int) proxy_env('REQUEST_TIMEOUT', '30'),
    CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,
    CURLOPT_HTTPHEADER => $headers,
));

if ($method === 'POST') {
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $body !== '' ? $body : http_build_query($_POST));
} elseif ($method !== 'GET') {
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
    if ($body !== '') {
        curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
    }
}

$response = curl_exec($ch);

if ($response === false) {
    error_log('SPOTA proxy failed for '.$endpoint.': '.curl_error($ch));
    curl_close($ch);
    proxy_json(502, array('status' => 0, 'msg' => 'Tidak dapat terhubung ke server SPOTA.'));
}

$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$responseType = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
curl_close($ch);

http_response_code($httpCode > 0 ? $httpCode : 200);
header('Content-Type: '.($responseType !== null && $responseType !== '' ? $responseType : 'application/json'));
echo $response;