<?php
/**
 * POST /api/hub/vcgateway/invites/revoke.php
 *
 * Revoke an invite link. All visitor sessions using this link become invalid.
 * Requires agent auth (X-Agent-Address header).
 *
 * Body:
 *   ID    int    required  The invite link ID to revoke
 *
 * Response:
 *   OK
 */

require_once __DIR__ . '/../helpers.php';

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    jsonResponse(['OK' => false, 'ERROR' => 'method_not_allowed'], 405);
}

$agentAddress = requireAgentAuth();
$body = readJsonBody();

$id = (int)($body['ID'] ?? 0);
if ($id <= 0) {
    jsonResponse(['OK' => false, 'ERROR' => 'id_required'], 400);
}

// Verify the link exists and belongs to this agent (or they created it)
$link = queryOne(
    "SELECT ID, CreatedBy, IsRevoked FROM Hub_InviteLinks WHERE ID = ?",
    [$id]
);

if (!$link) {
    jsonResponse(['OK' => false, 'ERROR' => 'invite_not_found'], 404);
}

if ($link['IsRevoked']) {
    jsonResponse(['OK' => false, 'ERROR' => 'already_revoked'], 400);
}

queryTimed(
    "UPDATE Hub_InviteLinks SET IsRevoked = 1 WHERE ID = ?",
    [$id]
);

jsonResponse(['OK' => true]);