YogiBook_App/lib/services/vanguard_api.dart

import 'dart:convert';
import 'package:http/http.dart' as http;
import '../config/api_config.dart';

class VanguardApi {
  static Map<String, String> authHeaders(String token) => {
    'Accept': 'application/json',
    'Content-Type': 'application/json',
    'Authorization': 'Bearer $token',
  };

  static Future<String> login({
    required String username,
    required String password,
  }) async {
    final url = Uri.parse('${ApiConfig.laravelApiBase}/login');

    final res = await http.post(
      url,
      headers: const {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
      },
      body: jsonEncode({
        'username': username,
        'password': password,
        'device_name': ApiConfig.deviceName,
      }),
    );

    if (res.statusCode != 200) {
      throw Exception('Login failed (${res.statusCode}): ${res.body}');
    }

    final data = jsonDecode(res.body) as Map<String, dynamic>;
    final token = data['token'];
    if (token == null || token.toString().isEmpty) {
      throw Exception('Missing token in login response.');
    }
    return token.toString();
  }

  static Future<void> requestPasswordResetEmail({required String email}) async {
    final url = Uri.parse('${ApiConfig.laravelApiBase}/password/remind');

    final res = await http.post(
      url,
      headers: const {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
      },
      body: jsonEncode({'email': email}),
    );

    if (res.statusCode != 200) {
      throw Exception(
        'Password remind failed (${res.statusCode}): ${res.body}',
      );
    }
  }

  // ---------- Your custom APIs ----------

  static Future<Map<String, dynamic>> getUserSchools({
    required String token,
  }) async {
    final url = Uri.parse('${ApiConfig.phpApiBase}/api_user_schools.php');

    final res = await http.get(
      url,
      headers: {'Accept': 'application/json', 'Authorization': 'Bearer $token'},
    );

    if (res.statusCode != 200) {
      throw Exception('User schools failed (${res.statusCode}): ${res.body}');
    }

    final data = jsonDecode(res.body) as Map<String, dynamic>;
    if (data['success'] != true) {
      throw Exception(data['message'] ?? 'Unknown error (user schools).');
    }
    return data;
  }

  static Future<Map<String, dynamic>> getMyLessons({
    required String token,
    required int schoolId,
    required String month, // YYYY-MM
  }) async {
    final url = Uri.parse(
      '${ApiConfig.phpApiBase}/api_my_lessons.php',
    ).replace(queryParameters: {'school_id': '$schoolId', 'month': month});

    final res = await http.get(
      url,
      headers: {'Accept': 'application/json', 'Authorization': 'Bearer $token'},
    );

    if (res.statusCode != 200) {
      throw Exception('My lessons failed (${res.statusCode}): ${res.body}');
    }

    final data = jsonDecode(res.body) as Map<String, dynamic>;
    if (data['success'] != true) {
      throw Exception(data['message'] ?? 'Unknown error (my lessons).');
    }
    return data;
  }

  static Future<void> logout({required String token}) async {
    // Vanguard / Laravel: quasi sempre POST /logout con Bearer token (Sanctum)
    final url = Uri.parse('${ApiConfig.laravelApiBase}/logout');

    final res = await http.post(url, headers: authHeaders(token));

    // 200 o 204 ok. Alcuni backend rispondono 401 se token già scaduto:
    // in app lo consideriamo comunque "logout riuscito".
    if (res.statusCode == 200 ||
        res.statusCode == 204 ||
        res.statusCode == 401) {
      return;
    }

    throw Exception('Logout failed (${res.statusCode}): ${res.body}');
  }
}