<?php
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(204);
    exit;
}

require_once __DIR__ . '/db.php';

$method = $_SERVER['REQUEST_METHOD'];
$input  = json_decode(file_get_contents('php://input'), true) ?? [];
$action = $_GET['action'] ?? $input['action'] ?? null;

try {
    switch ($action) {

        case 'list':
            $filter   = $_GET['filter']   ?? 'all';
            $service  = $_GET['service']  ?? '';
            $type     = $_GET['type']     ?? '';
            $forWhom  = $_GET['for_whom'] ?? '';
            $search   = $_GET['search']   ?? '';

            $where  = [];
            $params = [];

            if ($filter === 'watched') {
                $where[] = 'watched = 1';
            } elseif ($filter === 'unwatched') {
                $where[] = 'watched = 0';
            }

            if ($service !== '') {
                $where[]  = 'streaming_service = ?';
                $params[] = $service;
            }

            if ($type !== '') {
                $where[]  = 'type = ?';
                $params[] = $type;
            }

            if ($forWhom !== '') {
                $where[]  = 'for_whom = ?';
                $params[] = $forWhom;
            }

            if ($search !== '') {
                $where[]  = 'title LIKE ?';
                $params[] = '%' . $search . '%';
            }

            $sql = 'SELECT * FROM watchlist';
            if ($where) {
                $sql .= ' WHERE ' . implode(' AND ', $where);
            }
            $sql .= ' ORDER BY watched ASC, created_at DESC';

            $stmt = $pdo->prepare($sql);
            $stmt->execute($params);
            $items = $stmt->fetchAll();

            $stats = $pdo->query("
                SELECT
                    COUNT(*) AS total,
                    SUM(watched) AS watched,
                    COUNT(*) - SUM(watched) AS unwatched
                FROM watchlist
            ")->fetch();

            $services = $pdo->query("
                SELECT streaming_service, COUNT(*) AS cnt
                FROM watchlist
                WHERE streaming_service IS NOT NULL AND streaming_service != ''
                GROUP BY streaming_service
                ORDER BY cnt DESC
            ")->fetchAll();

            echo json_encode([
                'success'  => true,
                'items'    => $items,
                'stats'    => $stats,
                'services' => $services,
            ]);
            break;

        case 'add':
            $title    = trim($input['title'] ?? '');
            $type     = $input['type']     ?? 'movie';
            $forWhom  = $input['for_whom'] ?? 'all';
            $service  = trim($input['streaming_service'] ?? '');
            $genre    = trim($input['genre'] ?? '');
            $notes    = trim($input['notes'] ?? '');

            if ($title === '') {
                http_response_code(400);
                echo json_encode(['success' => false, 'error' => 'Title is required']);
                exit;
            }

            $validForWhom = ['all', 'nik', 'tod'];
            if (!in_array($forWhom, $validForWhom)) {
                $forWhom = 'all';
            }

            $stmt = $pdo->prepare("
                INSERT INTO watchlist (title, type, for_whom, streaming_service, genre, notes)
                VALUES (?, ?, ?, ?, ?, ?)
            ");
            $stmt->execute([$title, $type, $forWhom, $service ?: null, $genre ?: null, $notes ?: null]);
            $id = $pdo->lastInsertId();

            $item = $pdo->prepare("SELECT * FROM watchlist WHERE id = ?");
            $item->execute([$id]);

            echo json_encode(['success' => true, 'item' => $item->fetch()]);
            break;

        case 'toggle':
            $id = (int)($input['id'] ?? 0);
            if (!$id) {
                http_response_code(400);
                echo json_encode(['success' => false, 'error' => 'ID required']);
                exit;
            }

            $current = $pdo->prepare("SELECT watched FROM watchlist WHERE id = ?");
            $current->execute([$id]);
            $row = $current->fetch();

            if (!$row) {
                http_response_code(404);
                echo json_encode(['success' => false, 'error' => 'Item not found']);
                exit;
            }

            $newWatched = $row['watched'] ? 0 : 1;
            $watchedAt  = $newWatched ? date('Y-m-d H:i:s') : null;

            $stmt = $pdo->prepare("UPDATE watchlist SET watched = ?, watched_at = ? WHERE id = ?");
            $stmt->execute([$newWatched, $watchedAt, $id]);

            echo json_encode(['success' => true, 'watched' => $newWatched]);
            break;

        case 'edit':
            $id      = (int)($input['id'] ?? 0);
            $title   = trim($input['title'] ?? '');
            $type    = $input['type']     ?? 'movie';
            $forWhom = $input['for_whom'] ?? 'all';
            $service = trim($input['streaming_service'] ?? '');
            $genre   = trim($input['genre'] ?? '');
            $notes   = trim($input['notes'] ?? '');

            if (!$id || $title === '') {
                http_response_code(400);
                echo json_encode(['success' => false, 'error' => 'ID and title are required']);
                exit;
            }

            $validForWhom = ['all', 'nik', 'tod'];
            if (!in_array($forWhom, $validForWhom)) {
                $forWhom = 'all';
            }

            $stmt = $pdo->prepare("
                UPDATE watchlist
                SET title = ?, type = ?, for_whom = ?, streaming_service = ?, genre = ?, notes = ?
                WHERE id = ?
            ");
            $stmt->execute([$title, $type, $forWhom, $service ?: null, $genre ?: null, $notes ?: null, $id]);

            $item = $pdo->prepare("SELECT * FROM watchlist WHERE id = ?");
            $item->execute([$id]);

            echo json_encode(['success' => true, 'item' => $item->fetch()]);
            break;

        case 'delete':
            $id = (int)($input['id'] ?? 0);
            if (!$id) {
                http_response_code(400);
                echo json_encode(['success' => false, 'error' => 'ID required']);
                exit;
            }

            $stmt = $pdo->prepare("DELETE FROM watchlist WHERE id = ?");
            $stmt->execute([$id]);

            echo json_encode(['success' => true]);
            break;

        default:
            http_response_code(400);
            echo json_encode(['success' => false, 'error' => 'Unknown action']);
    }

} catch (Exception $e) {
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => $e->getMessage()]);
}