<?php

declare(strict_types=1);

/**
 * @author Robert Strutts
 * @copyright (c) 2026, Robert Strutts
 * @license MIT
 */

namespace IOcornerstone\Framework;

use IOcornerstone\Framework\{
    Security,
    Console,
};
/**
 * Description of SiteHelper
 * Checks if IP is allowed for LIVE DEBUGGING
 *
 * @author Robert Strutts
 */
final class SiteHelper
{

    private static $local_site_domains = ['localhost'];
    private static $Private_IPs_allowed = ['127.0.0.1', '::1'];
    private static $Public_IPs_allowed = [];

    public static function setupHTTP(): void
    {
        define("PROJECT_ASSETS_DIR", BaseDir . DIRECTORY_SEPARATOR . "public" . DIRECTORY_SEPARATOR . "assets" . DIRECTORY_SEPARATOR);

        $server_port = $_SERVER['SERVER_PORT'] ?? 80;
        $secure_port_on = $_SERVER['HTTPS'] ?? "off";
        $use_secure = ($server_port == "443" || $secure_port_on == "on");
        $protocol = ($use_secure) ? "https://" : "http://";
        $domain_name = $_SERVER['HTTP_HOST'] ?? "";

        define("HTTP_PROT", $protocol);
        define("USE_SECURE", $use_secure);
        define("PROJECT_BASE_REF", $protocol . $domain_name);
        define("PROJECT_ASSETS_BASE_REF", PROJECT_BASE_REF . "/assets");
        define("ASSETS_DIR", PROJECT_ASSETS_DIR);
        define('ASSETS_BASE_REF', PROJECT_ASSETS_BASE_REF);
    }

    public static function setLocalSiteDomains(string|array $domain_name): void
    {
        if (is_array($domain_name)) {
            foreach ($domain_name as $domain) {
                self::$local_site_domains[] = $domain;
            }
        } elseif (is_string($domain_name)) {
            self::$local_site_domains[] = $domain_name;
        }
    }

    public static function setAllowedPrivateIPs(string|array $IP_addresses): void
    {
        if (is_array($IP_addresses)) {
            foreach ($IP_addresses as $IP) {
                $s_ip = Security::getValidIp($IP);
                if ($s_ip === false) {
                    continue;
                }
                self::$Private_IPs_allowed[] = $IP;
            }
        } elseif (is_string($IP_addresses)) {
            $s_ip = Security::getValidIp($IP);
            if ($s_ip === false) {
                return;
            }
            self::$Private_IPs_allowed[] = $IP_addresses;
        }
    }

    public static function setAllowedPublicIPs(string|array $IP_addresses): void
    {
        if (is_array($IP_addresses)) {
            foreach ($IP_addresses as $IP) {
                $s_ip = Security::getValidPublicIp($IP);
                if ($s_ip === false) {
                    continue;
                }
                self::$Public_IPs_allowed[] = $s_ip;
            }
        } elseif (is_string($IP_addresses)) {
            $s_ip = Security::getValidPublicIp($IP);
            if ($s_ip === false) {
                return;
            }
            self::$Public_IPs_allowed[] = $IP_addresses;
        }
    }

    public static function isServerName_A_PrivateDomain(): bool
    {
        $white_list = array_merge(self::$local_site_domains, self::$Private_IPs_allowed);
        return (Security::isServerNameOnDomainList($white_list));
    }

    public static function remoteNotAllowedForceLive(): bool
    {
        if (Console::isConsole()) {
            return false; // false to show errors and dumps
        }
        
        $s = $_SESSION['usersRights'] ?? false;
        if ($s !== false && strlen($s) > 4) {
            $rights = json_decode($s, associative: true);
            $flipped = array_flip($rights);
            if (isset($flipped['developer'])) {
                return false; // false for Developers to see Errors/Logs
            }
        }
        
        return (!self::is_allowed());
    }

    public static function is_allowed(): bool
    {
        $remote_ip = Security::getClientIpAddress();
        if (in_array($remote_ip, self::$Public_IPs_allowed)) {
            return true;
        }
        if (self::isServerName_A_PrivateDomain() && in_array($remote_ip, self::$Private_IPs_allowed)) {
            return true;
        }
        return false;
    }
}