<?php

require_once __DIR__ . '/../includes/api_bootstrap.php';
require_once __DIR__ . '/../includes/chore_helpers.php';

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    sendJson(['success' => false, 'error' => 'Method not allowed'], 405);
}

$people = migrateAllPeople(normalizePeopleList(readJsonFile('people.json')));
$actor = requireActivePerson($people);
if (($actor['role'] ?? '') !== ROLE_HEAD || !isHohVerified()) {
    sendJson(['success' => false, 'error' => 'Only a verified Head of household can rotate NFC person tokens'], 403);
}

$body = readJsonBody();
$personId = isset($body['person_id']) ? trim((string) $body['person_id']) : '';
if ($personId === '') {
    sendJson(['success' => false, 'error' => 'person_id is required'], 400);
}

$match = null;
foreach ($people as $i => $person) {
    if (($person['id'] ?? '') === $personId) {
        $match = $i;
        break;
    }
}
if ($match === null) {
    sendJson(['success' => false, 'error' => 'Person not found'], 404);
}

$token = generateOpaqueToken();
$people[$match]['nfc_submit_token_hash'] = hashOpaqueToken($token);
$people[$match]['nfc_submit_token_updated_at'] = gmdate('c');

if (!writeJsonFile('people.json', $people)) {
    sendJson(['success' => false, 'error' => 'Failed to save person token'], 500);
}

sendJson([
    'success' => true,
    'person_id' => $personId,
    'person_name' => (string) ($people[$match]['name'] ?? $personId),
    'person_token' => $token,
]);