<?php
namespace Misuzu;

use RuntimeException;

if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
    die('Script must be called through the Misuzu route dispatcher.');

if(!$msz->authInfo->isLoggedIn)
    Template::throwError(401);

$errors = [];
$currentUser = $msz->authInfo->userInfo;
$activeSessionId = $msz->authInfo->sessionId;

while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
    $sessionId = (string)filter_input(INPUT_POST, 'session');
    $activeSessionKilled = false;

    if($sessionId === 'all') {
        $activeSessionKilled = true;
        $msz->authCtx->sessions->deleteSessions(userInfos: $currentUser);
        $msz->createAuditLog('PERSONAL_SESSION_DESTROY_ALL');
    } else {
        try {
            $sessionInfo = $msz->authCtx->sessions->getSession(sessionId: $sessionId);
        } catch(RuntimeException $ex) {}

        if(empty($sessionInfo) || $sessionInfo->userId !== $currentUser->id) {
            $errors[] = "That session doesn't exist.";
            break;
        }

        $activeSessionKilled = $sessionInfo->id === $activeSessionId;
        $msz->authCtx->sessions->deleteSessions(sessionInfos: $sessionInfo);
        $msz->createAuditLog('PERSONAL_SESSION_DESTROY', [$sessionInfo->id]);
    }

    if($activeSessionKilled) {
        Tools::redirect($msz->urls->format('index'));
        return;
    } else break;
}

$pagination = new Pagination($msz->authCtx->sessions->countSessions(userInfo: $currentUser), 10);

$sessionList = [];
$sessionInfos = $msz->authCtx->sessions->getSessions(userInfo: $currentUser, pagination: $pagination);

foreach($sessionInfos as $sessionInfo)
    $sessionList[] = [
        'info' => $sessionInfo,
        'active' => $sessionInfo->id === $activeSessionId,
    ];

Template::render('settings.sessions', [
    'errors' => $errors,
    'session_list' => $sessionList,
    'session_pagination' => $pagination,
]);