<?php
declare(strict_types=1);

namespace Unsupervised\Schedular\Payment;

use Unsupervised\Schedular\Auth\RoleManager;

class StudioSettings {

	public const OPT_PUBLISHABLE = 'us_stripe_publishable_key';
	public const OPT_SECRET      = 'us_stripe_secret_key';
	public const OPT_MODE        = 'us_stripe_mode';
	public const OPT_CURRENCY    = 'us_currency';

	public function publishableKey(): string {
		return (string) get_option( self::OPT_PUBLISHABLE, '' );
	}

	public function secretKey(): string {
		return (string) get_option( self::OPT_SECRET, '' );
	}

	public function mode(): string {
		return 'live' === get_option( self::OPT_MODE, 'test' ) ? 'live' : 'test';
	}

	public function currency(): string {
		$currency = (string) get_option( self::OPT_CURRENCY, 'CAD' );

		return '' !== $currency ? strtoupper( $currency ) : 'CAD';
	}

	/**
	 * Whether Stripe is configured. When false the platform falls back to
	 * e-transfer billing and card processing is unavailable.
	 */
	public function isStripeConfigured(): bool {
		return '' !== $this->publishableKey() && '' !== $this->secretKey();
	}

	public function renderPage(): void {
		if ( ! current_user_can( RoleManager::CAP_MANAGE_BILLING ) ) {
			wp_die( esc_html__( 'You do not have permission to manage billing settings.', 'unsupervised-schedular' ) );
		}

		if ( isset( $_POST['usc_action'] ) && check_admin_referer( 'usc_settings_action' ) ) {
			$this->save();
		}

		$publishableKey   = $this->publishableKey();
		$secretKey        = $this->secretKey();
		$mode             = $this->mode();
		$currency         = $this->currency();
		$stripeConfigured = $this->isStripeConfigured();

		include USC_PLUGIN_DIR . 'templates/admin/settings.php';
	}

	private function save(): void {
		// Nonce is verified by the caller (renderPage) before this method runs.
		// phpcs:disable WordPress.Security.NonceVerification.Missing
		$mode = sanitize_key( wp_unslash( $_POST['mode'] ?? 'test' ) );
		update_option( self::OPT_PUBLISHABLE, sanitize_text_field( wp_unslash( $_POST['publishable_key'] ?? '' ) ) );
		update_option( self::OPT_SECRET, sanitize_text_field( wp_unslash( $_POST['secret_key'] ?? '' ) ) );
		update_option( self::OPT_MODE, 'live' === $mode ? 'live' : 'test' );
		update_option( self::OPT_CURRENCY, strtoupper( sanitize_text_field( wp_unslash( $_POST['currency'] ?? 'CAD' ) ) ) );
		// phpcs:enable WordPress.Security.NonceVerification.Missing
	}
}