<?php

declare(strict_types=1);

namespace UploadLogger\Detectors;

use UploadLogger\Core\Context;
use UploadLogger\Core\DetectorInterface;
use UploadLogger\Core\Config;

final class ContentDetector implements DetectorInterface
{
    private ?Config $config;

    public function __construct(?Config $config = null)
    {
        $this->config = $config;
    }

    public function getName(): string
    {
        return 'content';
    }

    /**
     * @param array<string, mixed> $input
     * @return array<string, mixed>
     */
    public function detect(Context $context, array $input = []): array
    {
        $tmp = (string)($input['tmp'] ?? '');
        $size = (int)($input['size'] ?? 0);
        $realMime = (string)($input['real_mime'] ?? '');

        $suspicious = false;
        $reasons = [];

        if ($tmp === '' || !is_file($tmp)) {
            return ['suspicious' => false, 'reasons' => []];
        }

        // Determine limits from Config if provided, otherwise use defaults
        $maxBytes = 8192;
        $maxFilesize = 2 * 1024 * 1024;
        $allowXmlEval = false;
        $customPatterns = [];

        if ($this->config instanceof Config) {
            $maxBytes = (int)$this->config->get('detectors.content.sniff_max_bytes', $this->config->get('limits.sniff_max_bytes', $maxBytes));
            $maxFilesize = (int)$this->config->get('detectors.content.sniff_max_filesize', $this->config->get('limits.sniff_max_filesize', $maxFilesize));
            $allowXmlEval = (bool)$this->config->get('detectors.content.allow_xml_eval', false);
            $customPatterns = (array)$this->config->get('detectors.content.custom_patterns', []);
        }

        if ($size <= 0) {
            $size = @filesize($tmp) ?: 0;
        }
        if ($size <= 0 || $size > $maxFilesize) {
            return ['suspicious' => false, 'reasons' => []];
        }

        $bytes = min($maxBytes, $size);
        $maxlen = $bytes > 0 ? $bytes : null;
        $head = @file_get_contents($tmp, false, null, 0, $maxlen);
        if ($head === false || $head === '') {
            return ['suspicious' => false, 'reasons' => []];
        }

        $scan = $head;

        // Detect PHP open tags (avoid matching <?xml)
        if (preg_match('/<\?php|<\?=|<\?(?!xml)/i', $scan)) {
            $suspicious = true;
            $reasons[] = 'php_tag';
        }

        // Built-in function patterns
        $funcPatterns = [
            'passthru\s*\(', 'system\s*\(', 'exec\s*\(', 'shell_exec\s*\(',
            'proc_open\s*\(', 'popen\s*\(', 'pcntl_exec\s*\(',
        ];

        foreach ($funcPatterns as $pat) {
            if (preg_match('/' . $pat . '/i', $scan)) {
                $suspicious = true;
                $reasons[] = 'danger_func';
                break;
            }
        }

        // Base64/eval/assert patterns often indicate obfuscated payloads
        if (preg_match('/base64_decode\s*\(|eval\s*\(|assert\s*\(/i', $scan)) {
            $isXmlLike = preg_match('/xml|svg/i', $realMime);
            if (!preg_match('/eval\s*\(/i', $scan) || !$isXmlLike || $allowXmlEval === true) {
                $suspicious = true;
                $reasons[] = 'obf_func';
            }
        }

        // Custom patterns from config
        foreach ($customPatterns as $p) {
            try {
                if (@preg_match($p, $scan)) {
                    $suspicious = true;
                    $reasons[] = 'custom_pattern';
                }
            } catch (\Throwable $e) {
                // ignore invalid patterns
            }
        }

        return ['suspicious' => $suspicious, 'reasons' => array_values(array_unique($reasons))];
    }
}