<?php

namespace App\Services;

use App\Models\PaymentIntent;
use App\Models\Registration;
use Illuminate\Http\Request;

class XenditService
{
    /**
     * Replace with real Xendit Invoice API call.
     * Return:
     * - provider_ref_id (invoice id)
     * - checkout_url
     */
    public function createInvoice(PaymentIntent $intent, Registration $registration): array
    {
        // TODO: call Xendit Invoice API using XENDIT_API_KEY
        // For now: stub response
        $providerRefId = 'inv_stub_' . $intent->id;
        $checkoutUrl = 'https://checkout.xendit.co/web/' . $providerRefId;

        return [
            'provider_ref_id' => $providerRefId,
            'checkout_url' => $checkoutUrl,
            'raw_payload' => [
                'stub' => true,
                'intent_id' => $intent->id,
                'registration_id' => $registration->id
            ]
        ];
    }

    /**
     * Minimal webhook verification using a shared token (recommended baseline).
     * Configure `XENDIT_WEBHOOK_TOKEN` in .env and set the same token in Xendit dashboard.
     */
    public function verifyWebhook(Request $request): bool
    {
        $expected = config('pxg.xendit.webhook_token', '');
        if (!$expected) return true; // allow in dev

        // Xendit commonly uses X-Callback-Token for invoice callbacks.
        $got = $request->header('X-Callback-Token') ?? $request->header('x-callback-token');
        return is_string($got) && hash_equals($expected, $got);
    }
}