<?php declare(strict_types=1);
namespace openvk\VKAPI\Handlers;
use openvk\Web\Models\Repositories\Applications;

final class Pay extends VKAPIRequestHandler
{
    function getIdByMarketingId(string $marketing_id): int
    {
        [$hexId, $signature] = explode("_", $marketing_id);
        try {
            $key = CHANDLER_ROOT_CONF["security"]["secret"];
            if(sodium_memcmp(base64_decode($signature), hash_hmac("sha512/224", $hexId, $key, true)) == -1)
                $this->fail(4, "Invalid marketing id");
        } catch (\SodiumException $e) {
            $this->fail(4, "Invalid marketing id");
        }
        
        return hexdec($hexId);
    }
    
    function verifyOrder(int $app_id, float $amount, string $signature): bool
    {
        $this->requireUser();
        
        $app = (new Applications())->get($app_id);
        if(!$app)
            $this->fail(26, "No app found with this id");
        else if($app->getOwner()->getId() != $this->getUser()->getId())
            $this->fail(15, "Access error");
        
        [$time, $signature] = explode(",", $signature);
        try {
            $key = CHANDLER_ROOT_CONF["security"]["secret"];
            if(sodium_memcmp($signature, hash_hmac("whirlpool", "$app_id:$amount:$time", $key)) == -1)
                $this->fail(4, "Invalid order");
        } catch (\SodiumException $e) {
            $this->fail(4, "Invalid order");
        }
        
        return true;
    }
}