<?php
namespace WprAddons\Classes\Modules\Forms;

use Elementor\Utils;
use WprAddons\Classes\Utilities;

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Exit if accessed directly.
}

/**
 * WPR Recaptcha Handler - reCAPTCHA v2 and v3 verification
 *
 * @since 3.4.6
 */

class WPR_Recaptcha_Handler {
	public function __construct() {
		add_action( 'wp_ajax_wpr_verify_recaptcha', [ $this, 'wpr_verify_recaptcha' ] );
		add_action( 'wp_ajax_nopriv_wpr_verify_recaptcha', [ $this, 'wpr_verify_recaptcha' ] );
	}

	public function wpr_verify_recaptcha() {
		$recaptcha_response = isset( $_POST['g-recaptcha-response'] ) ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ) : '';
		$recaptcha_version  = isset( $_POST['recaptcha_version'] ) ? sanitize_text_field( wp_unslash( $_POST['recaptcha_version'] ) ) : 'v3';

		if ( empty( $recaptcha_response ) ) {
			wp_send_json_error( [ 'message' => 'Recaptcha Error' ] );
			return;
		}

		if ( 'v2' === $recaptcha_version ) {
			$is_valid = $this->check_recaptcha_v2( $recaptcha_response );
			if ( $is_valid ) {
				wp_send_json_success( [ 'message' => 'Recaptcha Success' ] );
			} else {
				wp_send_json_error( [ 'message' => 'Recaptcha Error' ] );
			}
			return;
		}

		// v3
		$result = $this->check_recaptcha_v3( $recaptcha_response );
		$score  = isset( $result['score'] ) ? $result['score'] : 0;
		$score_threshold = (float) get_option( 'wpr_recaptcha_v3_score', 0.5 );

		if ( $result['success'] && $score >= $score_threshold ) {
			wp_send_json_success( [
				'message' => 'Recaptcha Success',
				'score'   => $score,
			] );
		} else {
			wp_send_json_error( [
				'message' => 'Recaptcha Error',
				'score'   => $score,
			] );
		}
	}

	/**
	 * Verify reCAPTCHA v2 (checkbox) response. No score returned.
	 *
	 * @param string $recaptcha_response Token from g-recaptcha-response.
	 * @return bool
	 */
	public function check_recaptcha_v2( $recaptcha_response ) {
		$secret_key = get_option( 'wpr_recaptcha_v2_secret_key' );
		if ( empty( $secret_key ) ) {
			return false;
		}

		$remote_ip = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '';

		$response = wp_remote_post(
			'https://www.google.com/recaptcha/api/siteverify',
			[
				'body' => [
					'secret'   => $secret_key,
					'response' => $recaptcha_response,
					'remoteip' => $remote_ip,
				],
			]
		);

		if ( is_wp_error( $response ) ) {
			return false;
		}

		$decoded = json_decode( wp_remote_retrieve_body( $response ), true );
		return ! empty( $decoded['success'] );
	}

	/**
	 * Verify reCAPTCHA v3 response. Returns success and score.
	 *
	 * @param string $recaptcha_response Token from g-recaptcha-response.
	 * @return array{ success: bool, score: float|null }
	 */
	public function check_recaptcha_v3( $recaptcha_response ) {
		$secret_key = get_option( 'wpr_recaptcha_v3_secret_key' );
		if ( empty( $secret_key ) ) {
			return [ 'success' => false, 'score' => null ];
		}

		$remote_ip = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '';

		$response = wp_remote_post(
			'https://www.google.com/recaptcha/api/siteverify',
			[
				'body' => [
					'secret'   => $secret_key,
					'response' => $recaptcha_response,
					'remoteip' => $remote_ip,
				],
			]
		);

		if ( is_wp_error( $response ) ) {
			return [ 'success' => false, 'score' => null ];
		}

		$decoded = json_decode( wp_remote_retrieve_body( $response ), true );
		$success = ! empty( $decoded['success'] );
		$score   = isset( $decoded['score'] ) ? (float) $decoded['score'] : null;

		return [ 'success' => $success, 'score' => $score ];
	}
}

new WPR_Recaptcha_Handler();