/**
 * Descomplicar® Crescimento Digital
 * https://descomplicar.pt
 */

<?php

/**
 * Desk_moloni_config_model.php
 * 
 * Model for desk_moloni_config table
 * Handles secure storage of API credentials and module configuration
 * 
 * @package DeskMoloni\Models
 * @author Database Design Specialist
 * @version 3.0
 */

defined('BASEPATH') or exit('No direct script access allowed');

require_once(dirname(__FILE__) . '/Desk_moloni_model.php');

class Desk_moloni_config_model extends Desk_moloni_model
{
    /**
     * Table name - must match Perfex CRM naming convention
     */
    private $table = 'tbldeskmoloni_config';
    
    /**
     * Sensitive configuration keys that should be encrypted
     */
    private $sensitiveKeys = [
        'oauth_client_secret',
        'oauth_access_token', 
        'oauth_refresh_token',
        'api_key',
        'webhook_secret'
    ];
    
    public function __construct()
    {
        parent::__construct();
        // Use Perfex CRM table naming convention: tbl + module_prefix + table_name
        $this->table = 'tbldeskmoloni_config';
    }
    
    /**
     * Get configuration value by key
     * 
     * @param string $key Configuration key
     * @param mixed $default Default value if key not found
     * @return mixed Configuration value
     */
    public function get(string $key, mixed $default = null): mixed
    {
        try {
            $query = $this->db->where('setting_key', $key)->get($this->table);
            
            if ($query->num_rows() === 0) {
                return $default;
            }
            
            $row = $query->row();
            
            // Decrypt if encrypted
            if ($row->encrypted == 1) {
                return $this->decryptData($row->setting_value);
            }
            
            return $row->setting_value;
            
        } catch (Exception $e) {
            log_message('error', 'Desk-Moloni config get error: ' . $e->getMessage());
            return $default;
        }
    }
    
    /**
     * Set configuration value
     * 
     * @param string $key Configuration key
     * @param mixed $value Configuration value
     * @param bool $forceEncryption Force encryption regardless of key type
     * @return bool Success status
     */
    public function set(string $key, mixed $value, bool $forceEncryption = false): bool
    {
        try {
            // Validate input
            $validationErrors = $this->validateConfigData(['setting_key' => $key, 'setting_value' => $value]);
            if (!empty($validationErrors)) {
                throw new Exception('Validation failed: ' . implode(', ', $validationErrors));
            }
            
            // Determine if value should be encrypted
            $shouldEncrypt = $forceEncryption || $this->isSensitiveKey($key);
            
            // Prepare data
            $data = [
                'setting_key' => $key,
                'setting_value' => $shouldEncrypt ? $this->encryptData($value) : $value,
                'encrypted' => $shouldEncrypt ? 1 : 0,
                'updated_at' => date('Y-m-d H:i:s')
            ];
            
            // Check if key exists
            $existing = $this->db->where('setting_key', $key)->get($this->table);
            
            if ($existing->num_rows() > 0) {
                // Update existing
                $result = $this->db->where('setting_key', $key)->update($this->table, $data);
                $this->logDatabaseOperation('update', $this->table, $data, $existing->row()->id);
            } else {
                // Insert new
                $data['created_at'] = date('Y-m-d H:i:s');
                $result = $this->db->insert($this->table, $data);
                $this->logDatabaseOperation('create', $this->table, $data, $this->db->insert_id());
            }
            
            return $result;
            
        } catch (Exception $e) {
            log_message('error', 'Desk-Moloni config set error: ' . $e->getMessage());
            return false;
        }
    }
    
    /**
     * Delete configuration key
     * 
     * @param string $key Configuration key
     * @return bool Success status
     */
    public function delete(string $key): bool
    {
        try {
            $existing = $this->db->where('setting_key', $key)->get($this->table);
            
            if ($existing->num_rows() === 0) {
                return true; // Already doesn't exist
            }
            
            $result = $this->db->where('setting_key', $key)->delete($this->table);
            $this->logDatabaseOperation('delete', $this->table, ['setting_key' => $key], $existing->row()->id);
            
            return $result;
            
        } catch (Exception $e) {
            log_message('error', 'Desk-Moloni config delete error: ' . $e->getMessage());
            return false;
        }
    }
    
    /**
     * Get all configuration values
     * 
     * @param bool $includeEncrypted Whether to decrypt encrypted values
     * @return array Configuration array
     */
    public function getAll(bool $includeEncrypted = true): array
    {
        try {
            $query = $this->db->get($this->table);
            $config = [];
            
            foreach ($query->result() as $row) {
                if ($row->encrypted == 1 && $includeEncrypted) {
                    $config[$row->setting_key] = $this->decryptData($row->setting_value);
                } elseif ($row->encrypted == 0) {
                    $config[$row->setting_key] = $row->setting_value;
                }
                // Skip encrypted values if includeEncrypted is false
            }
            
            return $config;
            
        } catch (Exception $e) {
            log_message('error', 'Desk-Moloni config getAll error: ' . $e->getMessage());
            return [];
        }
    }
    
    /**
     * Get configuration keys by pattern
     * 
     * @param string $pattern LIKE pattern for key matching
     * @param bool $includeEncrypted Whether to decrypt encrypted values
     * @return array Matching configuration
     */
    public function getByPattern($pattern, $includeEncrypted = true)
    {
        try {
            $query = $this->db->like('setting_key', $pattern)->get($this->table);
            $config = [];
            
            foreach ($query->result() as $row) {
                if ($row->encrypted == 1 && $includeEncrypted) {
                    $config[$row->setting_key] = $this->decryptData($row->setting_value);
                } elseif ($row->encrypted == 0) {
                    $config[$row->setting_key] = $row->setting_value;
                }
            }
            
            return $config;
            
        } catch (Exception $e) {
            log_message('error', 'Desk-Moloni config getByPattern error: ' . $e->getMessage());
            return [];
        }
    }
    
    /**
     * Get OAuth configuration
     * 
     * @return array OAuth configuration
     */
    public function getOAuthConfig()
    {
        $oauthKeys = [
            'oauth_client_id',
            'oauth_client_secret', 
            'oauth_access_token',
            'oauth_refresh_token',
            'oauth_token_expires_at'
        ];
        
        $config = [];
        foreach ($oauthKeys as $key) {
            $config[$key] = $this->get($key);
        }
        
        return $config;
    }
    
    /**
     * Set OAuth tokens
     * 
     * @param array $tokens OAuth token data
     * @return bool Success status
     */
    public function setOAuthTokens($tokens)
    {
        try {
            $requiredTokens = ['access_token', 'refresh_token', 'expires_in'];
            
            foreach ($requiredTokens as $required) {
                if (!isset($tokens[$required])) {
                    throw new Exception("Missing required OAuth token: {$required}");
                }
            }
            
            // Calculate expiration timestamp
            $expiresAt = date('Y-m-d H:i:s', time() + (int)$tokens['expires_in']);
            
            $success = true;
            $success &= $this->set('oauth_access_token', $tokens['access_token']);
            $success &= $this->set('oauth_refresh_token', $tokens['refresh_token']);
            $success &= $this->set('oauth_token_expires_at', $expiresAt);
            
            return $success;
            
        } catch (Exception $e) {
            log_message('error', 'Desk-Moloni OAuth tokens error: ' . $e->getMessage());
            return false;
        }
    }
    
    /**
     * Check if OAuth tokens are valid and not expired
     * 
     * @return bool True if tokens are valid
     */
    public function isOAuthValid()
    {
        try {
            $accessToken = $this->get('oauth_access_token');
            $expiresAt = $this->get('oauth_token_expires_at');
            
            if (empty($accessToken) || empty($expiresAt)) {
                return false;
            }
            
            // Check if token is expired (with 5-minute buffer)
            $expirationTime = strtotime($expiresAt) - 300; // 5 minutes buffer
            return time() < $expirationTime;
            
        } catch (Exception $e) {
            log_message('error', 'Desk-Moloni OAuth validation error: ' . $e->getMessage());
            return false;
        }
    }
    
    /**
     * Get API configuration
     * 
     * @return array API configuration
     */
    public function getAPIConfig()
    {
        return [
            'base_url' => $this->get('api_base_url', 'https://api.moloni.pt/v1/'),
            'timeout' => (int)$this->get('api_timeout', 30),
            'company_id' => $this->get('moloni_company_id'),
            'access_token' => $this->get('oauth_access_token')
        ];
    }
    
    /**
     * Check if configuration key is sensitive and should be encrypted
     * 
     * @param string $key Configuration key
     * @return bool True if key is sensitive
     */
    private function isSensitiveKey($key)
    {
        return in_array($key, $this->sensitiveKeys) || 
               strpos($key, 'password') !== false ||
               strpos($key, 'secret') !== false ||
               strpos($key, 'token') !== false ||
               strpos($key, 'key') !== false;
    }
    
    /**
     * Validate configuration data
     * 
     * @param array $data Configuration data to validate
     * @return array Validation errors
     */
    private function validateConfigData($data)
    {
        $errors = [];
        
        // Required fields
        $requiredFields = ['setting_key'];
        $errors = array_merge($errors, $this->validateRequiredFields($data, $requiredFields));
        
        // Field length limits
        $fieldLimits = [
            'setting_key' => 255
        ];
        $errors = array_merge($errors, $this->validateFieldLengths($data, $fieldLimits));
        
        // Key format validation
        if (isset($data['setting_key'])) {
            if (!preg_match('/^[a-z0-9_]+$/', $data['setting_key'])) {
                $errors[] = 'Setting key must contain only lowercase letters, numbers, and underscores';
            }
        }
        
        return $errors;
    }
    
    /**
     * Initialize default configuration values
     * 
     * @return bool Success status
     */
    public function initializeDefaults()
    {
        $defaults = [
            'api_base_url' => 'https://api.moloni.pt/v1/',
            'api_timeout' => '30',
            'sync_enabled' => '1',
            'sync_interval_minutes' => '15',
            'max_retry_attempts' => '3',
            'log_retention_days' => '365',
            'queue_batch_size' => '50',
            'encryption_algorithm' => 'AES-256-GCM'
        ];
        
        $success = true;
        
        foreach ($defaults as $key => $value) {
            // Only set if not already exists
            if ($this->get($key) === null) {
                $success &= $this->set($key, $value);
            }
        }
        
        return $success;
    }
    
    /**
     * Export configuration for backup (excluding sensitive data)
     * 
     * @return array Non-sensitive configuration data
     */
    public function exportConfig()
    {
        try {
            $allConfig = $this->getAll(false); // Don't include encrypted values
            
            // Remove sensitive keys entirely from export
            foreach ($this->sensitiveKeys as $sensitiveKey) {
                unset($allConfig[$sensitiveKey]);
            }
            
            return $allConfig;
            
        } catch (Exception $e) {
            log_message('error', 'Desk-Moloni config export error: ' . $e->getMessage());
            return [];
        }
    }
    
    /**
     * Clear all OAuth tokens (for logout/revoke)
     * 
     * @return bool Success status
     */
    public function clearOAuthTokens()
    {
        $success = true;
        $oauthKeys = ['oauth_access_token', 'oauth_refresh_token', 'oauth_token_expires_at'];
        
        foreach ($oauthKeys as $key) {
            $success &= $this->delete($key);
        }
        
        return $success;
    }
}