<?php
/**
 * API endpoint for updating a comment
 */

// Disable error display in the output
ini_set('display_errors', 0);
error_reporting(E_ALL);

// Apply rate limiting
require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
RateLimitMiddleware::apply('api');

// Start output buffering
ob_start();

try {
    require_once dirname(__DIR__) . '/config/config.php';
    require_once dirname(__DIR__) . '/helpers/Database.php';
    require_once dirname(__DIR__) . '/models/CommentModel.php';
    require_once dirname(__DIR__) . '/models/AuditLogModel.php';

    // Check authentication via session
    session_start();
    if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
        throw new Exception("Authentication required");
    }

    // CSRF Protection
    require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
    if ($_SERVER['REQUEST_METHOD'] === 'POST' || $_SERVER['REQUEST_METHOD'] === 'PUT') {
        $csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
        if (!CsrfMiddleware::validateToken($csrfToken)) {
            http_response_code(403);
            header('Content-Type: application/json');
            echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
            exit;
        }
    }

    $currentUser = $_SESSION['user'];
    $userId = $currentUser['user_id'];
    $isAdmin = $currentUser['is_admin'] ?? false;

    // Use centralized database connection
    $conn = Database::getConnection();

    // Get POST/PUT data
    $data = json_decode(file_get_contents('php://input'), true);

    if (!$data || !isset($data['comment_id']) || !isset($data['comment_text'])) {
        throw new Exception("Missing required fields: comment_id, comment_text");
    }

    $commentId = (int)$data['comment_id'];
    $commentText = trim($data['comment_text']);
    $markdownEnabled = isset($data['markdown_enabled']) && $data['markdown_enabled'];

    if (empty($commentText)) {
        throw new Exception("Comment text cannot be empty");
    }

    // Initialize models
    $commentModel = new CommentModel($conn);
    $auditLog = new AuditLogModel($conn);

    // Update comment
    $result = $commentModel->updateComment($commentId, $commentText, $markdownEnabled, $userId, $isAdmin);

    // Log the update if successful
    if ($result['success']) {
        $auditLog->log(
            $userId,
            'update',
            'comment',
            (string)$commentId,
            ['comment_text_preview' => substr($commentText, 0, 100)]
        );
    }

    // Discard any unexpected output
    ob_end_clean();

    header('Content-Type: application/json');
    echo json_encode($result);

} catch (Exception $e) {
    ob_end_clean();
    error_log("Update comment API error: " . $e->getMessage());
    header('Content-Type: application/json');
    echo json_encode([
        'success' => false,
        'error' => 'An internal error occurred'
    ]);
}