<?php
/**
 * GET /api/hub/files/download.php
 *
 * Download a file by ID.
 *
 * Query params:
 *   FileID  int  REQUIRED
 *   Thumb   int  optional  1 = return thumbnail instead
 *
 * Response: binary file stream
 */

require_once __DIR__ . '/../../helpers.php';

if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    jsonResponse(['OK' => false, 'ERROR' => 'method_not_allowed'], 405);
}

$fileId = (int) ($_GET['FileID'] ?? 0);
$thumb = (int) ($_GET['Thumb'] ?? 0);

if ($fileId <= 0) jsonResponse(['OK' => false, 'ERROR' => 'file_id_required']);

$record = queryOne("SELECT * FROM Hub_Files WHERE ID = ?", [$fileId]);
if (!$record) jsonResponse(['OK' => false, 'ERROR' => 'file_not_found']);

$path = ($thumb && $record['ThumbnailPath'])
    ? appRoot() . '/' . $record['ThumbnailPath']
    : appRoot() . '/' . $record['StoragePath'];

if (!file_exists($path)) {
    jsonResponse(['OK' => false, 'ERROR' => 'file_missing_from_disk']);
}

$mimeType = $thumb ? 'image/jpeg' : $record['MimeType'];
$fileName = $thumb ? 'thumb_' . $record['FileName'] : $record['FileName'];

header('Content-Type: ' . $mimeType);
header('Content-Disposition: inline; filename="' . addslashes($fileName) . '"');
header('Content-Length: ' . filesize($path));
header('Cache-Control: public, max-age=86400');

readfile($path);
exit;