<?php
defined('APP_DIR') or define('APP_DIR', __DIR__ . '/../app/');
include_once(APP_DIR . 'include/http.php');
include_once(APP_DIR . 'model/SecureMessage.php');
include_once(APP_DIR . 'model/User.php');

$data = User::authenticated();
if (!$data) {
    echo json_encode(['unauthorized']);
    exit();
}

/* POST API Routes */
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $params = Http::post_params();
    $action = $params['action'];

    if ($action === 'mark_unread') {
        $m = SecureMessage::getByID($params['message_id']);
        $m->is_read = true;
        $m->save();
        echo json_encode(['success']);
    } else if ($action === 'send_message') {
        $user = User::getByID($params['user_id']);
        $recipient = User::get($params['recipient']);
        if (!$recipient) {
            echo json_encode(['unknown_recipient']);
        } else {
            $m = new SecureMessage;
            $m->message = $params['message'];
            $m->sender_id = $user->id;
            $m->receiver_id = $recipient->id;
            $m->save();
            echo json_encode(['success']);
        }
    } else if ($action === 'delete_message') {
        $message = SecureMessage::getByID($params['message_id']);
        if (!$message) {
            echo json_encode(['unkown_message']);
        } else {
            $message->delete();
            echo json_encode(['success']);
        }
    }

}
?>