<?php
/**
 * Configuration file for Ziti Router Enrollment UI
 */

// Start session if not already started
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Application configuration
define('APP_NAME', 'ZitiNexus Router Enrollment');
define('APP_VERSION', '1.0.0');

// Default API configuration
define('DEFAULT_API_ENDPOINT', 'https://backend.zitinexus.com');

// File paths (matching the bash script)
define('CONFIG_DIR', '/etc/zitirouter');
define('CERTS_DIR', CONFIG_DIR . '/certs');
define('ROUTER_CONFIG', CONFIG_DIR . '/router.yaml');
define('JWT_FILE', CONFIG_DIR . '/enrollment.jwt');
define('LOG_FILE', '/var/log/ziti-router-enrollment.log');
define('SYSTEMD_SERVICE_FILE', '/etc/systemd/system/ziti-router.service');

// UI specific paths
define('UI_LOG_DIR', __DIR__ . '/../logs');
define('UI_TEMP_DIR', __DIR__ . '/../temp');

// Authentication
define('ADMIN_USERNAME', 'admin');
define('ADMIN_PASSWORD_HASH', password_hash('admin123', PASSWORD_DEFAULT)); // Change this in production

// Security settings
define('SESSION_TIMEOUT', 3600); // 1 hour
define('CSRF_TOKEN_NAME', 'csrf_token');

// System commands
define('SYSTEMCTL_CMD', 'systemctl');
define('HOSTNAME_CMD', 'hostname');
define('ZITI_CMD', 'ziti');

/**
 * Check if user is authenticated
 */
function isAuthenticated() {
    return isset($_SESSION['authenticated']) && $_SESSION['authenticated'] === true;
}

/**
 * Check if session is valid
 */
function isSessionValid() {
    if (!isset($_SESSION['last_activity'])) {
        return false;
    }
    
    if (time() - $_SESSION['last_activity'] > SESSION_TIMEOUT) {
        session_destroy();
        return false;
    }
    
    $_SESSION['last_activity'] = time();
    return true;
}

/**
 * Generate CSRF token
 */
function generateCSRFToken() {
    if (!isset($_SESSION[CSRF_TOKEN_NAME])) {
        $_SESSION[CSRF_TOKEN_NAME] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_TOKEN_NAME];
}

/**
 * Verify CSRF token
 */
function verifyCSRFToken($token) {
    return isset($_SESSION[CSRF_TOKEN_NAME]) && hash_equals($_SESSION[CSRF_TOKEN_NAME], $token);
}

/**
 * Sanitize input
 */
function sanitizeInput($input) {
    return htmlspecialchars(trim($input), ENT_QUOTES, 'UTF-8');
}

/**
 * Log message to file
 */
function logMessage($level, $message) {
    $timestamp = date('Y-m-d H:i:s');
    $logEntry = "[$timestamp] [$level] $message" . PHP_EOL;
    
    // Try to write to system log first
    if (is_writable(dirname(LOG_FILE))) {
        file_put_contents(LOG_FILE, $logEntry, FILE_APPEND | LOCK_EX);
    }
    
    // Also write to UI log
    $uiLogFile = UI_LOG_DIR . '/ui-enrollment.log';
    if (!is_dir(UI_LOG_DIR)) {
        mkdir(UI_LOG_DIR, 0755, true);
    }
    file_put_contents($uiLogFile, $logEntry, FILE_APPEND | LOCK_EX);
}

/**
 * Check if running as root/admin
 */
function isRunningAsRoot() {
    return posix_getuid() === 0;
}

/**
 * Execute system command safely
 */
function executeCommand($command, &$output = null, &$returnCode = null) {
    $descriptorspec = [
        0 => ['pipe', 'r'],  // stdin
        1 => ['pipe', 'w'],  // stdout
        2 => ['pipe', 'w']   // stderr
    ];
    
    $process = proc_open($command, $descriptorspec, $pipes);
    
    if (is_resource($process)) {
        fclose($pipes[0]);
        
        $stdout = stream_get_contents($pipes[1]);
        $stderr = stream_get_contents($pipes[2]);
        
        fclose($pipes[1]);
        fclose($pipes[2]);
        
        $returnCode = proc_close($process);
        $output = trim($stdout . $stderr);
        
        return $returnCode === 0;
    }
    
    return false;
}

/**
 * Get the correct asset path based on current directory structure
 */
function getAssetPath($asset) {
    // Determine if we're in the public directory or main directory
    $currentDir = dirname($_SERVER['SCRIPT_FILENAME']);
    $publicDir = realpath(__DIR__ . '/../public');
    
    if ($currentDir === $publicDir) {
        // We're in the public directory, use relative paths
        return '../assets/' . ltrim($asset, '/');
    } else {
        // We're in the main directory, use direct paths
        return 'assets/' . ltrim($asset, '/');
    }
}

/**
 * Get base URL for the application
 */
function getBaseUrl() {
    $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
    $host = $_SERVER['HTTP_HOST'];
    $scriptName = $_SERVER['SCRIPT_NAME'];
    
    // Remove the script filename to get the base path
    $basePath = dirname($scriptName);
    if ($basePath === '/') {
        $basePath = '';
    }
    
    return $protocol . '://' . $host . $basePath;
}
?>