<?php
//////////////////////
// TokenManager.php //
// DigiErbe Tresor  //
//////////////////////

class TokenManager {
    /*
     * VARIABLES
     */
    private string $tokenStoragePath; // Subdirectory under Tresor's /public directory to use to store all the token information
    private string $keyStoragePath;   // Subdirectory under Tresor's /private directory to store all keyfiles
    private int $expireDays;     // number of dates for a token to expire
    private int $maxDownloads;   // maximum number of downloads before a token becomes invalid
    private int $tokenLength;    // number of random bytes to use to create the token name
    private string $allowedUser; // the user allowed to access the token
    
    /*
     * PUBLIC FUNCTIONS
     */

    // initialize the token instance in PHP
    public function __construct(
        string $storagePath = '/tokens',
        string $keyStoragePath = '/keys',
        int $expireDays = 1,
        int $maxDownloads = 1,
        int $tokenLength = 32
    ) {
        $this->tokenStoragePath = __DIR__ . $storagePath;
        $this->keyStoragePath = substr(__DIR__, 0, strrpos(__DIR__, '/') + 1) . 'private' . $keyStoragePath;
        $this->expireDays = $expireDays;
        $this->maxDownloads = $maxDownloads;
        $this->tokenLength = $tokenLength;

        if(!is_dir($this->tokenStoragePath))
            mkdir($this->tokenStoragePath, 0755, true);
    }

    // generate a new token and save it to the file system
    public function generateToken(
        string $filename,
        string $ownerName,
        string $allowedUser
    ) {
        return (['error'=>'no token generated', 'status'=>500]);
    }

    // retrieve/download the key file connected with the token
    public function retrieveToken(string $tokenName) {
	$result = $this->validateToken($tokenName);
        if(!isset($result['success']))
            return ['error'=>'token invalid', 'status'=>422];

        // send the file name of the designated key for download
        return ['success'=>$result['success'], 'status'=>200];
    }

    // check a token and remove it when it's expired
    public function cleanupToken(string $tokenName) {

    }

    /*
     * PRIVATE FUNCTIONS
     */
    
    // check whether a token is still valid and accessible by the user requesting it
    private function validateToken($tokenName) {
        // check if tokenName is a valid hexadecimal string
        if(!ctype_xdigit($tokenName))
             return false;

        // check if token file exists and read data if so
        $tokenPath = $this->getTokenFilePath($tokenName);
        if(!file_exists($tokenPath))
            return false;
        $tokenData = json_decode(file_get_contents($tokenPath));

        // check expiry of the token
        if( new DateTime() > new DateTime($tokenData->expires))
            return false;

        // safety-check if requesting user name is matching the allowed characters (a-zA-Z0-9)
        if(preg_match('/[^a-zA-Z0-9]/', $_SERVER['PHP_AUTH_USER']))
            return false;
        // check if the requesting user is allowed to query the token
        if(levenshtein($_SERVER['PHP_AUTH_USER'], $tokenData->allowedUser))
            return false;
        // check if requesting user is allowed to retrieve the key
        $allowedUsersFilePath = __DIR__ . '/../private/keys/allowedUsers.json';
        if(!file_exists($allowedUsersFilePath))
            return false;
        $allowedUsers = json_decode(file_get_contents($allowedUsersFilePath))->{$tokenData->owner}->{$tokenData->file};
        if(array_search($_SERVER['PHP_AUTH_USER'], $allowedUsers, true) === false)
            return false;

        //all checks completed successfully
        $path = substr( __DIR__, 0, strrpos(__DIR__, '/') + 1 );
        return ['success'=>$this->keyStoragePath . '/' . $tokenData->owner . '/' . $tokenData->file, 'status'=>200];
    }

    private function getDownloadFileInfo ($tokenName) {
        $fileInfo = [];
        return null;
    }

    private function getTokenFilePath($tokenName) {
        $filePath = $this->tokenStoragePath . '/' . $tokenName . '.json';
        if(!file_exists($filePath))
            return false;
        return $filePath;
    }
}