<?php
/**
 * Admin Panel Entry Point
 * Separate entry point for admin routes with enhanced security
 */

// Set error reporting based on environment
if (isset($_ENV['APP_ENV']) && $_ENV['APP_ENV'] === 'production') {
    error_reporting(0);
    ini_set('display_errors', 0);
} else {
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
}

// Set timezone
date_default_timezone_set($_ENV['TIMEZONE'] ?? 'Asia/Bangkok');

// Load environment variables if .env file exists
$envFile = __DIR__.'/../.env';
if (file_exists($envFile)) {
    $lines = file($envFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    foreach ($lines as $line) {
        if (strpos($line, '=') !== false && strpos($line, '#') !== 0) {
            list($key, $value) = explode('=', $line, 2);
            $_ENV[trim($key)] = trim($value, '"\'');
        }
    }
}

// Include autoloader for API requests
require_once __DIR__.'/../src/Core/Autoloader.php';

// Register autoloader
$autoloader = new \App\Core\Autoloader();
$autoloader->addNamespace('App', __DIR__.'/../src');
$autoloader->register();

// Load configuration
$config = require __DIR__.'/../config/app.php';

// Enhanced security for admin panel
$securityHeaders = [
    'X-Frame-Options: DENY',
    'X-Content-Type-Options: nosniff',
    'X-XSS-Protection: 1; mode=block',
    'Strict-Transport-Security: max-age=31536000; includeSubDomains',
    'Referrer-Policy: strict-origin-when-cross-origin',
    'Content-Security-Policy: default-src \'self\'; script-src \'self\' \'unsafe-inline\'; style-src \'self\' \'unsafe-inline\'; img-src \'self\' data: https:; font-src \'self\' https:'
];

foreach ($securityHeaders as $header) {
    header($header);
}

// IP whitelist check for admin (if configured)
if (!empty($_ENV['ADMIN_IP_WHITELIST'])) {
    $allowedIPs = explode(',', $_ENV['ADMIN_IP_WHITELIST']);
    $clientIP = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'];

    if (!in_array($clientIP, $allowedIPs)) {
        http_response_code(403);
        header('Content-Type: application/json');
        echo json_encode(['error' => 'Access denied']);
        exit;
    }
}

// Set up simple error handling
ini_set('log_errors', 1);
ini_set('error_log', __DIR__.'/../storage/logs/admin-errors.log');

// Initialize router with admin base path
$router = new \App\Core\Router($config['admin_base_path']);

// Add enhanced middleware for admin
$router->addGlobalMiddleware(\App\Middleware\SecurityMiddleware::class);
$router->addGlobalMiddleware(\App\Middleware\CorsMiddleware::class);
$router->addGlobalMiddleware(\App\Middleware\AdminSecurityMiddleware::class);

// Load routes (admin routes will be filtered by middleware)
$routeLoader = require __DIR__.'/../config/routes.php';
$routeLoader($router);

// Handle the request
try {
    $router->dispatch();
} catch (\Exception $e) {
    // Enhanced error handling for admin
    http_response_code(500);
    header('Content-Type: application/json');

    // Log admin errors with more detail
    $errorDetails = [
        'timestamp' => date('Y-m-d H:i:s'),
        'ip' => $_SERVER['REMOTE_ADDR'],
        'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? '',
        'request_uri' => $_SERVER['REQUEST_URI'],
        'method' => $_SERVER['REQUEST_METHOD'],
        'error' => $e->getMessage(),
        'file' => $e->getFile(),
        'line' => $e->getLine()
    ];

    error_log("Admin Panel Error: ".json_encode($errorDetails));

    if ($config['debug']) {
        echo json_encode([
            'error' => 'Internal Server Error',
            'message' => $e->getMessage(),
            'file' => $e->getFile(),
            'line' => $e->getLine(),
            'trace' => $e->getTrace()
        ], JSON_PRETTY_PRINT);
    } else {
        echo json_encode([
            'error' => 'Internal Server Error',
            'message' => 'An unexpected error occurred'
        ]);
    }
}