<?php
/*
This API Endpoint accepts both POST and GET requests.
It receives the following parameters:
- api_key: the API key of the user.

It returns a JSON object with the following properties:
- success: whether the request was successful (boolean).
- title: the title of the response (string).
- notes: warning messages or additional information (array).
- user: an object containing the user details.

Example response:
{
  "success": true,
  "title": "user",
  "user": {
    "id": 1,
    "username": "johndoe",
    "email": "john.doe@example.com",
    "password": "********",
    "main_currency": 1,
    "avatar": "images/uploads/logos/avatars/default-avatar.jpg",
    "language": "en",
    "budget": 100,
    "totp_enabled": 0,
    "api_key": "********"
  },
  "notes": ""
}
*/

require_once '../../includes/connect_endpoint.php';

header('Content-Type: application/json; charset=UTF-8');

if ($_SERVER["REQUEST_METHOD"] === "POST" || $_SERVER["REQUEST_METHOD"] === "GET") {
    // if the parameters are not set, return an error

    if (!isset($_REQUEST['api_key'])) {
        $response = [
            "success" => false,
            "title" => "Missing parameters"
        ];
        echo json_encode($response);
        exit;
    }

    $apiKey = $_REQUEST['api_key'];

    // Get user from API key
    $sql = "SELECT * FROM user WHERE api_key = :apiKey";
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':apiKey', $apiKey);
    $result = $stmt->execute();
    $user = $result->fetchArray(SQLITE3_ASSOC);

    // If the user is not found, return an error
    if (!$user) {
        $response = [
            "success" => false,
            "title" => "Invalid API key"
        ];
        echo json_encode($response);
        exit;
    }

    // remove password and api_key from array
    $user['password'] = "********";
    $user['api_key'] = "********";

    $response = [
        "success" => true,
        "title" => "user",
        "user" => $user,
        "notes" => []
    ];

    echo json_encode($response);

    $db->close();

} else {
    $response = [
        "success" => false,
        "title" => "Invalid request method"
    ];
    echo json_encode($response);
    exit;
}

?>