<?php

declare(strict_types=1);

use App\App\Bootstrap;
use App\Admin\Auth;
use App\Security\Csrf;
use App\Storage\FileSystem;
use App\Storage\JsonStore;

require dirname(__DIR__) . '/src/autoload.php';
Bootstrap::init();

$auth = new Auth();
$auth->requireLogin();

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo 'Method not allowed';
    exit;
}

if (!Csrf::validate((string) ($_POST['csrf'] ?? ''))) {
    http_response_code(419);
    echo 'Ungültiges CSRF-Token.';
    exit;
}

$id = trim((string) ($_POST['id'] ?? ''));
if ($id === '') {
    http_response_code(422);
    echo 'Ungültige ID.';
    exit;
}

$store = new JsonStore();
$submission = $store->getSubmissionByKey($id);
if ($submission === null) {
    http_response_code(404);
    echo 'Antrag nicht gefunden.';
    exit;
}

$store->deleteSubmissionByKey($id);
$app = Bootstrap::config('app');
$uploadDir = rtrim((string) $app['storage']['uploads'], '/') . '/' . (string) ($submission['application_key'] ?? '');
FileSystem::removeTree($uploadDir);

header('Location: /admin/index.php');
exit;