<?php
declare(strict_types=1);
header('Content-Type: application/json; charset=utf-8');

const N8N_URL = 'https://floryspit.app.n8n.cloud/webhook/whatsapp-chat-send';
const API_KEY = 'lc_1db45b97b8017b2403d4e81f4c54e0b0d2b7a6feeb59d352';

// Alleen POST toegestaan
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['error' => 'method not allowed']);
    exit;
}

// Body uitlezen (JSON)
$input = json_decode(file_get_contents('php://input'), true);
if (!is_array($input)) {
    http_response_code(400);
    echo json_encode(['error' => 'invalid json body']);
    exit;
}

// Valideren
$applicationId = isset($input['application_id']) ? filter_var($input['application_id'], FILTER_VALIDATE_INT) : false;
$bhRaw = $input['bullhorn_candidate_id'] ?? '';
$bullhornId = preg_match('/^[a-zA-Z0-9_-]{1,50}$/', (string)$bhRaw) ? $bhRaw : '';
$text = trim((string)($input['text'] ?? ''));
$clientMsgId = preg_match('/^[a-zA-Z0-9_-]{1,80}$/', (string)($input['client_msg_id'] ?? '')) ? $input['client_msg_id'] : '';
$mode = (($input['mode'] ?? 'text') === 'template') ? 'template' : 'text';

$hasTarget = ($applicationId !== false && $applicationId !== null) || $bullhornId !== '';

// Target altijd vereist
if (!$hasTarget) {
    http_response_code(400);
    echo json_encode(['error' => 'target required']);
    exit;
}
// Bij tekst: text + client_msg_id vereist. Bij template: geen vrije tekst nodig.
if ($mode === 'text' && ($text === '' || $clientMsgId === '')) {
    http_response_code(400);
    echo json_encode(['error' => 'text and client_msg_id required']);
    exit;
}
if (mb_strlen($text) > 4000) {
    http_response_code(400);
    echo json_encode(['error' => 'text too long']);
    exit;
}

// Doorzetten naar n8n
$payload = json_encode([
    'application_id'        => ($applicationId !== false ? $applicationId : 0),
    'bullhorn_candidate_id' => $bullhornId,
    'text'                  => $text,
    'client_msg_id'         => $clientMsgId,
    'mode'                  => $mode,
]);

$ch = curl_init(N8N_URL);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => $payload,
    CURLOPT_HTTPHEADER     => ['Content-Type: application/json', 'X-Api-Key: ' . API_KEY],
    CURLOPT_TIMEOUT        => 15,
]);
$response = curl_exec($ch);
$status   = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$err      = curl_error($ch);
curl_close($ch);

if ($response === false) {
    http_response_code(502);
    echo json_encode(['error' => 'upstream unreachable', 'detail' => $err]);
    exit;
}
http_response_code($status ?: 200);
echo $response;