<?php
require_once __DIR__ . '/brevo-config.php';

header('Content-Type: application/json');

$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
if (in_array('*', ALLOWED_ORIGINS) || in_array($origin, ALLOWED_ORIGINS)) {
    header('Access-Control-Allow-Origin: ' . (in_array('*', ALLOWED_ORIGINS) ? '*' : $origin));
} else {
    header('Access-Control-Allow-Origin: ' . (ALLOWED_ORIGINS[0] ?? '*'));
}

header('Access-Control-Allow-Methods: POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit();
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['error' => 'Method not allowed']);
    exit();
}

if (empty(BREVO_API_KEY)) {
    http_response_code(500);
    echo json_encode([
        'error' => 'Server configuration error',
        'message' => 'Brevo API key not configured'
    ]);
    exit();
}

$input = file_get_contents('php://input');
$data = json_decode($input, true);

if (!isset($data['email']) || empty($data['email'])) {
    http_response_code(400);
    echo json_encode(['error' => 'Email required']);
    exit();
}

$email = filter_var($data['email'], FILTER_VALIDATE_EMAIL);
if ($email === false) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid email']);
    exit();
}

$brevoData = [
    'email' => $email,
    'listIds' => [BREVO_LIST_ID],
    'updateEnabled' => true
];

// Only include attributes if provided and not empty
if (isset($data['attributes']) && is_array($data['attributes']) && !empty($data['attributes'])) {
    $brevoData['attributes'] = $data['attributes'];
}

$ch = curl_init();

curl_setopt_array($ch, [
    CURLOPT_URL => BREVO_API_URL,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => json_encode($brevoData),
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/json',
        'api-key: ' . BREVO_API_KEY,
        'User-Agent: Index-NGO-Newsletter'
    ],
    CURLOPT_TIMEOUT => 10,
    CURLOPT_SSL_VERIFYPEER => true
]);

$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$curlError = curl_error($ch);
curl_close($ch);

if ($response === false) {
    http_response_code(500);
    echo json_encode([
        'error' => 'Connection error',
        'details' => $curlError
    ]);
    exit();
}

$responseData = json_decode($response, true);

switch ($httpCode) {
    case 201:
    case 204:
        http_response_code(200);
        echo json_encode([
            'success' => true,
            'message' => 'Successfully subscribed',
            'email' => $email
        ]);
        break;

    case 400:
        http_response_code(400);
        $isDuplicate = isset($responseData['code']) && $responseData['code'] === 'duplicate_parameter';

        echo json_encode([
            'error' => $isDuplicate ? 'email_already_exists' : 'invalid_data',
            'message' => $isDuplicate
                ? 'This email is already subscribed to our newsletter.'
                : 'Invalid email address.',
            'user_message' => $isDuplicate
                ? 'You are already subscribed!'
                : 'Please check your email address.'
        ]);
        break;

    case 401:
        http_response_code(500);
        $isIpIssue = isset($responseData['code']) && $responseData['code'] === 'unauthorized'
                     && strpos($responseData['message'] ?? '', 'IP address') !== false;

        echo json_encode([
            'error' => $isIpIssue ? 'ip_not_authorized' : 'invalid_api_key',
            'message' => $isIpIssue
                ? 'Server IP not authorized on Brevo'
                : 'Invalid API key',
            'user_message' => 'A technical error occurred. Please try again later.',
            'admin_info' => $responseData['message'] ?? null
        ]);
        break;

    case 404:
        http_response_code(500);
        echo json_encode([
            'error' => 'list_not_found',
            'message' => 'Contact list not found',
            'user_message' => 'A technical error occurred. Please try again later.'
        ]);
        break;

    default:
        http_response_code($httpCode);
        echo json_encode([
            'error' => 'api_error',
            'message' => 'Error communicating with subscription service',
            'user_message' => 'An error occurred. Please try again.',
            'http_code' => $httpCode
        ]);
        break;
}