<?php

require_once __DIR__ . '/../includes/api_bootstrap.php';
require_once __DIR__ . '/../includes/expense_helpers.php';

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    sendJson(['success' => false, 'error' => 'Method not allowed'], 405);
}

$people = normalizePeopleList(readJsonFile('people.json'));
$actor = requireActivePerson($people);
if (($actor['role'] ?? '') !== ROLE_HEAD || !isHohVerified()) {
    sendJson(['success' => false, 'error' => 'Only a verified Head of household can record expenses'], 403);
}

$creatorId = (string) ($actor['id'] ?? '');

$body = readJsonBody();
$title = isset($body['title']) ? trim((string) $body['title']) : '';
$description = isset($body['description']) ? trim((string) $body['description']) : '';
$date = isset($body['date']) ? trim((string) $body['date']) : '';
$assigneeId = isset($body['assignee_id']) ? trim((string) $body['assignee_id']) : '';

if ($title === '') {
    sendJson(['success' => false, 'error' => 'Title is required'], 400);
}
if ($date === '' || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $date)) {
    sendJson(['success' => false, 'error' => 'date must be YYYY-MM-DD'], 400);
}
if ($assigneeId === '') {
    sendJson(['success' => false, 'error' => 'assignee_id is required'], 400);
}

$valRaw = $body['value'] ?? null;
if (!is_numeric($valRaw)) {
    sendJson(['success' => false, 'error' => 'value must be a number'], 400);
}
$value = round((float) $valRaw, 2);
if ($value <= 0) {
    sendJson(['success' => false, 'error' => 'value must be greater than zero'], 400);
}

$targetIdx = null;
foreach ($people as $i => $p) {
    if (($p['id'] ?? '') === $assigneeId) {
        $targetIdx = $i;
        break;
    }
}
if ($targetIdx === null) {
    sendJson(['success' => false, 'error' => 'Assignee not found'], 400);
}

$bal = $people[$targetIdx]['currency_balance'] ?? 0;
$bal = is_numeric($bal) ? (float) $bal : 0.0;
if ($bal < $value) {
    sendJson([
        'success' => false,
        'error' => 'Insufficient balance: has ' . number_format($bal, 2, '.', '') . ', expense is ' . number_format($value, 2, '.', ''),
    ], 400);
}

$people[$targetIdx]['currency_balance'] = round($bal - $value, 2);

$expense = [
    'id' => bin2hex(random_bytes(8)),
    'title' => $title,
    'description' => $description,
    'date' => $date,
    'value' => $value,
    'assignee_id' => $assigneeId,
    'created_at' => gmdate('c'),
    'created_by' => $creatorId,
];

$expenses = normalizeExpensesList(readJsonFile('expenses.json'));
$expenses[] = $expense;

if (!writeJsonFile('people.json', $people)) {
    sendJson(['success' => false, 'error' => 'Failed to update balance'], 500);
}
if (!writeJsonFile('expenses.json', $expenses)) {
    $people[$targetIdx]['currency_balance'] = $bal;
    writeJsonFile('people.json', $people);
    sendJson(['success' => false, 'error' => 'Failed to save expense; balance was not changed'], 500);
}

sendJson(['success' => true, 'expense' => $expense, 'new_balance' => $people[$targetIdx]['currency_balance']]);