<?php

declare(strict_types=1);

namespace Automattic\WooCommerce\Internal\Api;

use Automattic\WooCommerce\Utilities\FeaturesUtil;

/**
 * Entry point for the WooCommerce GraphQL API.
 *
 * This class is intentionally free of PHP 8.0+ syntax so that it can be
 * loaded and called on PHP 7.4 without parse errors. The PHP-8.1-only
 * classes (GraphQLController, QueryCache, etc.) are resolved lazily from
 * the DI container only after is_enabled() confirms PHP 8.1+ is available.
 */
class Main {
	/**
	 * Feature flag slug registered in FeaturesController.
	 */
	private const FEATURE_SLUG = 'dual_code_graphql_api';

	/**
	 * Option name for the "Enable GET endpoint" setting.
	 *
	 * When disabled, the GraphQL route only accepts POST requests.
	 */
	public const OPTION_GET_ENDPOINT_ENABLED = 'woocommerce_graphql_get_endpoint_enabled';

	/**
	 * Check whether the Dual Code & GraphQL API feature is active.
	 *
	 * Requires PHP 8.1+ and the dual_code_graphql_api feature flag to be
	 * enabled.
	 *
	 * @return bool
	 */
	public static function is_enabled(): bool {
		return PHP_VERSION_ID >= 80100 && FeaturesUtil::feature_is_enabled( self::FEATURE_SLUG );
	}

	/**
	 * Whether the GraphQL endpoint accepts GET requests.
	 *
	 * Defaults to false. Reads from the option written by the GraphQL
	 * settings section so the REST route registration can decide which
	 * HTTP methods to accept.
	 */
	public static function is_get_endpoint_enabled(): bool {
		return wc_string_to_bool( get_option( self::OPTION_GET_ENDPOINT_ENABLED, 'yes' ) );
	}

	/**
	 * Apply the GraphQL-scoped site settings to a caller-declared list of HTTP
	 * methods.
	 *
	 * Centralises the "what verbs does the admin actually allow on a GraphQL
	 * endpoint" rule so both WooCommerce core's own endpoint and every sibling
	 * plugin endpoint applied through {@see self::register_graphql_endpoint()}
	 * honour the same settings.
	 *
	 * Currently the only rule is: if the GET endpoint has been disabled in the
	 * GraphQL settings section, strip GET from the list.
	 *
	 * @param string[] $methods HTTP methods the caller declared.
	 * @return string[] Possibly narrowed list — may be empty, in which case the
	 *                 caller should skip the route registration entirely.
	 */
	public static function filter_methods_against_settings( array $methods ): array {
		if ( ! self::is_get_endpoint_enabled() ) {
			$methods = array_values( array_diff( $methods, array( 'GET' ) ) );
		}
		return $methods;
	}

	/**
	 * Register the GraphQL endpoint when the feature is active.
	 *
	 * When the feature is off this is a no-op. Classes in the public
	 * Automattic\WooCommerce\Api\ namespace remain autoloadable — extensions
	 * that want to know whether the feature is active should check
	 * FeaturesUtil::feature_is_enabled( 'dual_code_graphql_api' ) rather
	 * than class_exists() on the Api namespace.
	 *
	 * The feature-enabled check is deferred to the `rest_api_init` callback
	 * to avoid triggering translation loading (via FeaturesController) before
	 * the `init` action has fired, which would cause a
	 * `_load_textdomain_just_in_time` notice on WordPress 6.7+.
	 */
	public static function register(): void {
		add_action( 'rest_api_init', array( self::class, 'handle_rest_api_init_for_core' ) );

		$settings = wc_get_container()->get( Settings::class );
		$settings->register();
	}

	/**
	 * Hook callback: register WooCommerce core's GraphQL endpoint.
	 *
	 * @internal
	 */
	public static function handle_rest_api_init_for_core(): void {
		if ( ! self::is_enabled() ) {
			return;
		}

		wc_get_container()->get( Autogenerated\GraphQLController::class )->register();
	}

	/**
	 * Instantiate a GraphQL controller subclass and wire up its dependencies.
	 *
	 * Intended for sibling WooCommerce plugins that ship their own
	 * autogenerated GraphQLController subclass (emitted by build-api.php
	 * into their own autogenerated namespace). The returned controller is
	 * ready to have handle_request() attached to a REST route.
	 *
	 * Returns null when the feature flag is off or PHP is < 8.1, so callers
	 * can invoke this unconditionally from inside their own rest_api_init
	 * handler.
	 *
	 * @param string $controller_class_name Fully-qualified name of a subclass of GraphQLController.
	 *
	 * @throws \InvalidArgumentException If $controller_class_name does not extend GraphQLController.
	 */
	public static function instantiate_graphql_controller( string $controller_class_name ): ?GraphQLController {
		if ( ! self::is_enabled() ) {
			return null;
		}

		self::assert_is_controller_subclass( $controller_class_name );

		$controller = new $controller_class_name();
		$controller->init( wc_get_container()->get( QueryCache::class ) );
		return $controller;
	}

	/**
	 * Register a GraphQL REST endpoint backed by a plugin-provided controller subclass.
	 *
	 * May be called at any time up to and including the `rest_api_init` hook:
	 * if called earlier, registration is deferred to that hook; if called from
	 * inside another plugin's `rest_api_init` handler, registration happens
	 * immediately. Calls made after `rest_api_init` has already completed
	 * register a REST route that WP_REST_Server won't honour on the current
	 * request — callers should avoid deferring registration past bootstrap.
	 *
	 * When the feature flag is off or PHP is < 8.1 this is a silent no-op.
	 *
	 * The first argument accepts either of two forms:
	 *
	 *  - A plugin root directory (recommended): pass `__DIR__` from the plugin's
	 *    bootstrap file. The controller class is resolved by convention from
	 *    `{dir}/src/Internal/Api/Autogenerated/GraphQLController.php` — ApiBuilder
	 *    always emits the generated subclass at that path.
	 *  - A controller class FQCN: use this when the plugin keeps its generated
	 *    code somewhere other than the conventional location, or registers
	 *    multiple endpoints backed by different controller classes.
	 *
	 * Plugins calling this method should guard the call with method_exists():
	 *
	 *     if ( method_exists( \Automattic\WooCommerce\Internal\Api\Main::class, 'register_graphql_endpoint' ) ) {
	 *         \Automattic\WooCommerce\Internal\Api\Main::register_graphql_endpoint(
	 *             __DIR__,
	 *             'my-plugin',
	 *             '/graphql'
	 *         );
	 *     }
	 *
	 * @param string   $plugin_dir_or_controller_class Plugin root directory, OR a fully-qualified GraphQLController subclass name. See above.
	 * @param string   $route_namespace                REST route namespace, as passed to register_rest_route().
	 * @param string   $route                          REST route path, as passed to register_rest_route().
	 * @param string[] $methods                        HTTP methods accepted on the endpoint. Defaults to GET + POST.
	 *
	 * @throws \InvalidArgumentException If no controller can be resolved from a directory argument, or if the resolved class does not extend GraphQLController.
	 */
	public static function register_graphql_endpoint(
		string $plugin_dir_or_controller_class,
		string $route_namespace,
		string $route,
		array $methods = array( 'GET', 'POST' )
	): void {
		if ( ! self::is_enabled() ) {
			return;
		}

		$controller_class_name = self::resolve_controller_class( $plugin_dir_or_controller_class );

		// Validate up front so a typo surfaces here at bootstrap rather than
		// deep inside the deferred rest_api_init callback.
		self::assert_is_controller_subclass( $controller_class_name );

		$registrar = new GraphQLEndpointRegistrar( $controller_class_name, $route_namespace, $route, $methods );

		if ( did_action( 'rest_api_init' ) ) {
			$registrar->handle_rest_api_init();
		} else {
			add_action( 'rest_api_init', array( $registrar, 'handle_rest_api_init' ) );
		}
	}

	/**
	 * Resolve the first argument of {@see self::register_graphql_endpoint()} to a
	 * controller class name. If the argument is an existing directory, treat it
	 * as the plugin root and read the namespace from the generated controller
	 * file at the conventional path. Otherwise return the argument unchanged so
	 * it's used as a class FQCN.
	 *
	 * @param string $arg Either a plugin root directory or a controller class FQCN.
	 *
	 * @throws \InvalidArgumentException If the argument is a directory but the
	 *                                   generated controller file is missing or
	 *                                   doesn't declare a PHP namespace.
	 */
	private static function resolve_controller_class( string $arg ): string {
		if ( ! is_dir( $arg ) ) {
			return $arg;
		}

		$controller_file = rtrim( $arg, '/\\' ) . '/src/Internal/Api/Autogenerated/GraphQLController.php';
		if ( ! is_file( $controller_file ) ) {
			throw new \InvalidArgumentException(
				sprintf(
					'Expected a generated GraphQL controller at %s, but the file does not exist. Run the plugin\'s API build script first, or pass an explicit controller class name.',
					esc_html( $controller_file )
				)
			);
		}

		// The generated controller always declares its namespace near the top
		// of the file; reading the first few KB is more than enough. Reading a
		// local file — not a URL — so wp_remote_get() does not apply here.
		// phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents
		$head = file_get_contents( $controller_file, false, null, 0, 4096 );
		if ( false === $head ) {
			throw new \InvalidArgumentException(
				sprintf( 'Could not read the controller file at %s.', esc_html( $controller_file ) )
			);
		}

		$namespace = self::extract_namespace_from_php_source( $head );
		if ( null === $namespace ) {
			throw new \InvalidArgumentException(
				sprintf( 'Could not determine the PHP namespace of the controller at %s.', esc_html( $controller_file ) )
			);
		}

		return $namespace . '\\GraphQLController';
	}

	/**
	 * Extract an unbracketed `namespace …;` declaration from a PHP source fragment.
	 *
	 * Uses PHP's tokenizer rather than a regex so the parse isn't fooled by
	 * declarations inside heredocs, comments, or bracketed-namespace syntax,
	 * and continues to work if the generator's output format changes
	 * (e.g. attributes before the declaration, single-line `<?php namespace`).
	 *
	 * @param string $source PHP source code.
	 * @return ?string The namespace FQN without leading or trailing separator, or null if none found.
	 */
	private static function extract_namespace_from_php_source( string $source ): ?string {
		$tokens = token_get_all( $source );
		$count  = count( $tokens );
		for ( $i = 0; $i < $count; $i++ ) {
			if ( ! is_array( $tokens[ $i ] ) || T_NAMESPACE !== $tokens[ $i ][0] ) {
				continue;
			}
			$namespace = '';
			for ( $j = $i + 1; $j < $count; $j++ ) {
				$token = $tokens[ $j ];
				if ( is_array( $token ) ) {
					// T_NAME_QUALIFIED and T_NAME_FULLY_QUALIFIED exist on PHP 8+ and already
					// contain the full namespace path; T_STRING / T_NS_SEPARATOR are the
					// equivalent pieces on older versions.
					if ( in_array( $token[0], array( T_STRING, T_NS_SEPARATOR ), true )
						|| ( defined( 'T_NAME_QUALIFIED' ) && T_NAME_QUALIFIED === $token[0] )
						|| ( defined( 'T_NAME_FULLY_QUALIFIED' ) && T_NAME_FULLY_QUALIFIED === $token[0] ) ) {
						$namespace .= $token[1];
						continue;
					}
					if ( T_WHITESPACE === $token[0] ) {
						continue;
					}
				}
				// Single-character tokens `;` (unbracketed namespace) and `{` (bracketed) end the declaration.
				break;
			}
			$namespace = trim( $namespace, '\\' );
			if ( '' !== $namespace ) {
				return $namespace;
			}
		}
		return null;
	}

	/**
	 * Assert that a class name resolves to a concrete GraphQLController subclass.
	 *
	 * @param string $controller_class_name Fully-qualified name of the class to validate.
	 *
	 * @throws \InvalidArgumentException If the class cannot be autoloaded, or does not extend GraphQLController.
	 */
	private static function assert_is_controller_subclass( string $controller_class_name ): void {
		// Differentiate "class does not exist" (typo / stale autoloader) from
		// "class exists but is not a subclass" — is_subclass_of() collapses
		// both into false, which is confusing when debugging a bootstrap typo.
		if ( ! class_exists( $controller_class_name ) ) {
			throw new \InvalidArgumentException(
				sprintf(
					'GraphQL controller class "%s" does not exist or is not autoloadable. Check the spelling, or run `composer dump-autoload` if it was added since the last autoloader regeneration.',
					esc_html( $controller_class_name )
				)
			);
		}
		if ( ! is_subclass_of( $controller_class_name, GraphQLController::class ) ) {
			throw new \InvalidArgumentException(
				sprintf(
					'Class "%s" must extend %s.',
					esc_html( $controller_class_name ),
					esc_html( GraphQLController::class )
				)
			);
		}
	}
}