<?php
declare(strict_types=1);

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

require_once __DIR__ . '/../../config/config.php';

if (!signed_in()) {
    json_out([
        'ok' => false,
        'error' => 'login_required',
    ], 401);
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
    json_out([
        'ok' => false,
        'error' => 'method_not_allowed',
    ], 405);
}

require_csrf();

$data = push_subscription_from_json((string)file_get_contents('php://input'));
$payload = [
    'title' => (string)($data['title'] ?? 'Seoul Control Center'),
    'body' => (string)($data['body'] ?? 'Push notification test'),
    'url' => '/',
    'tag' => (string)($data['tag'] ?? 'control-test'),
    'created_at' => date('Y-m-d H:i:s'),
];

json_out([
    'ok' => true,
    'data' => send_push_payload($payload),
]);