<?php
declare(strict_types=1);

namespace Unsupervised\Schedular\Payment;

use Unsupervised\Schedular\Auth\RoleManager;
use Unsupervised\Schedular\Val;

class StudioSettings {

	public const OPT_PUBLISHABLE     = 'us_stripe_publishable_key';
	public const OPT_SECRET          = 'us_stripe_secret_key';
	public const OPT_WEBHOOK_SECRET  = 'us_stripe_webhook_secret';
	public const OPT_MODE            = 'us_stripe_mode';
	public const OPT_CURRENCY        = 'us_currency';
	public const OPT_ETRANSFER_EMAIL = 'us_etransfer_email';
	public const OPT_HST_RATE        = 'us_hst_rate';

	public function publishableKey(): string {
		return Val::string( get_option( self::OPT_PUBLISHABLE, '' ) );
	}

	public function secretKey(): string {
		return Val::string( get_option( self::OPT_SECRET, '' ) );
	}

	/**
	 * The Stripe webhook signing secret (`whsec_…`) used to verify that incoming
	 * webhook requests genuinely came from Stripe. Empty until configured.
	 */
	public function webhookSecret(): string {
		return Val::string( get_option( self::OPT_WEBHOOK_SECRET, '' ) );
	}

	public function mode(): string {
		return 'live' === get_option( self::OPT_MODE, 'test' ) ? 'live' : 'test';
	}

	public function currency(): string {
		$currency = Val::string( get_option( self::OPT_CURRENCY, 'CAD' ) );

		return '' !== $currency ? strtoupper( $currency ) : 'CAD';
	}

	/**
	 * The studio-default e-transfer destination email (used when an offering has
	 * no override).
	 */
	public function etransferEmail(): string {
		return Val::string( get_option( self::OPT_ETRANSFER_EMAIL, '' ) );
	}

	/**
	 * Default HST/tax rate as a percentage (e.g. 13.0). 0 means no tax.
	 */
	public function hstRate(): float {
		return max( 0.0, Val::float( get_option( self::OPT_HST_RATE, 0 ) ) );
	}

	/**
	 * Whether Stripe is configured. When false the platform falls back to
	 * e-transfer billing and card processing is unavailable.
	 */
	public function isStripeConfigured(): bool {
		return '' !== $this->publishableKey() && '' !== $this->secretKey();
	}

	public function renderPage(): void {
		if ( ! current_user_can( RoleManager::CAP_MANAGE_BILLING ) ) {
			wp_die( esc_html__( 'You do not have permission to manage billing settings.', 'unsupervised-schedular' ) );
		}

		if ( isset( $_POST['usc_action'] ) && check_admin_referer( 'usc_settings_action' ) ) {
			$this->save();
		}

		$publishableKey = $this->publishableKey();
		// Secrets are write-only in the UI: never echo a stored secret back into the
		// page. We only surface whether one is set so the field can be left blank to
		// keep the existing value.
		$secretKeySet     = '' !== $this->secretKey();
		$webhookSecretSet = '' !== $this->webhookSecret();
		$webhookUrl       = rest_url( 'us-scheduler/v1/payments/webhook' );
		$mode             = $this->mode();
		$currency         = $this->currency();
		$etransferEmail   = $this->etransferEmail();
		$hstRate          = $this->hstRate();
		$stripeConfigured = $this->isStripeConfigured();

		include USC_PLUGIN_DIR . 'templates/admin/settings.php';
	}

	private function save(): void {
		// Nonce is verified by the caller (renderPage) before this method runs.
		// phpcs:disable WordPress.Security.NonceVerification.Missing
		$mode = sanitize_key( Val::string( wp_unslash( $_POST['mode'] ?? 'test' ) ) );
		update_option( self::OPT_PUBLISHABLE, sanitize_text_field( Val::string( wp_unslash( $_POST['publishable_key'] ?? '' ) ) ) );
		// Secret fields are write-only: a blank submission keeps the stored secret,
		// so an admin saving other settings never wipes the keys.
		$secretKey = sanitize_text_field( Val::string( wp_unslash( $_POST['secret_key'] ?? '' ) ) );
		if ( '' !== $secretKey ) {
			update_option( self::OPT_SECRET, $secretKey );
		}
		$webhookSecret = sanitize_text_field( Val::string( wp_unslash( $_POST['webhook_secret'] ?? '' ) ) );
		if ( '' !== $webhookSecret ) {
			update_option( self::OPT_WEBHOOK_SECRET, $webhookSecret );
		}
		update_option( self::OPT_MODE, 'live' === $mode ? 'live' : 'test' );
		update_option( self::OPT_CURRENCY, strtoupper( sanitize_text_field( Val::string( wp_unslash( $_POST['currency'] ?? 'CAD' ) ) ) ) );
		update_option( self::OPT_ETRANSFER_EMAIL, sanitize_email( Val::string( wp_unslash( $_POST['etransfer_email'] ?? '' ) ) ) );
		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Val::float() coerces to float; slashes cannot survive numeric coercion.
		$hstRate = isset( $_POST['hst_rate'] ) ? Val::float( $_POST['hst_rate'] ) : 0.0;
		update_option( self::OPT_HST_RATE, max( 0.0, $hstRate ) );
		// phpcs:enable WordPress.Security.NonceVerification.Missing
	}
}