<?php
require_once __DIR__ . '/../helpers.php';
runAuth();

/**
 * Generate Stripe-hosted onboarding link for worker's connected account
 * POST: { UserID: int }
 */

$data = readJsonBody();
$userID = (int) ($data['UserID'] ?? 0);

global $userId;
if ($userID <= 0) $userID = $userId;

if ($userID <= 0) {
    apiAbort(['OK' => false, 'ERROR' => 'missing_params', 'MESSAGE' => 'UserID is required.']);
}

try {
    $qUser = queryOne("SELECT StripeConnectedAccountID FROM Users WHERE ID = ?", [$userID]);

    if (!$qUser) {
        apiAbort(['OK' => false, 'ERROR' => 'user_not_found']);
    }

    $accountID = trim($qUser['StripeConnectedAccountID'] ?? '');

    if (empty($accountID)) {
        apiAbort(['OK' => false, 'ERROR' => 'no_stripe_account', 'MESSAGE' => 'Create a Stripe account first.']);
    }

    $stripeSecretKey = getenv('STRIPE_SECRET_KEY') ?: '';
    $base = baseUrl();

    $postFields = [
        'account' => $accountID,
        'refresh_url' => $base . '/works/stripe-return.cfm?status=refresh',
        'return_url' => $base . '/works/stripe-return.cfm?status=complete',
        'type' => 'account_onboarding',
    ];

    $ch = curl_init('https://api.stripe.com/v1/account_links');
    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query($postFields),
        CURLOPT_USERPWD => $stripeSecretKey . ':',
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $result = curl_exec($ch);
    curl_close($ch);

    $linkData = json_decode($result, true);

    if (isset($linkData['error'])) {
        apiAbort(['OK' => false, 'ERROR' => $linkData['error']['message']]);
    }

    jsonResponse([
        'OK' => true,
        'ONBOARDING_URL' => $linkData['url'],
    ]);

} catch (Exception $e) {
    jsonResponse(['OK' => false, 'ERROR' => $e->getMessage()]);
}