<?php
declare(strict_types=1);

namespace Model;

use Controller\Sql;

class Session
{
    public ?string $tokenHash = null;
    public ?string $newSessid = null;
    public ?User $user = null;

    public static function create(User $user): Session
    {
        $sessid = bin2hex(random_bytes(32));
        $sessidHash = hash('sha256', $sessid);

        $sql = Sql::connection();
        $stmt = $sql->prepare('INSERT INTO session (token, user) VALUES (UNHEX(?), ?)');
        $stmt->execute([$sessidHash, $user->id]);

        $session = new self();
        $session->newSessid = $sessid;
        $session->user = $user;
        return $session;
    }

    public static function load(): ?self
    {
        if (!isset($_COOKIE['sessid'])) {
            return null;
        }
        $sessidHash = hash('sha256', $_COOKIE['sessid']);

        $sql = Sql::connection();
        $stmt = $sql->prepare(
            'SELECT user.id, user.name, user.admin FROM session
            JOIN user ON session.user = user.id
            WHERE token = UNHEX(?)'
        );
        $stmt->execute([$sessidHash]);
        if ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
            $session = new Session();
            $session->tokenHash = $sessidHash;
            $session->user = new User($row['id'], $row['name'], null, (bool) $row['admin']);
            return $session;
        }

        return null;
    }

    public function destroy(): void
    {
        $sql = Sql::connection();
        $stmt = $sql->prepare('DELETE FROM session WHERE token = UNHEX(?)');
        $stmt->execute([$this->tokenHash]);
    }
}