<?php
session_start();
require_once '../../db.php';

if (!isset($_SESSION['user_id'])) {
    echo json_encode(['success' => false, 'message' => 'Not logged in']);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user_id = $_SESSION['user_id'];
    $name = trim($_POST['name']);
    $permissions = isset($_POST['permissions']) ? implode(',', $_POST['permissions']) : '';
    $expiry_days = (int) $_POST['expiry'];

    // Generate random token
    $token = 'mw_ak_' . bin2hex(random_bytes(16));

    // Expiry date
    $expires_at = date('Y-m-d H:i:s', strtotime("+$expiry_days days"));

    $sql = "INSERT INTO access_tokens (user_id, name, token, permissions, expires_at) VALUES (?, ?, ?, ?, ?)";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("issss", $user_id, $name, $token, $permissions, $expires_at);

    if ($stmt->execute()) {
        echo json_encode([
            'success' => true,
            'token' => $token,
            'expires_at' => $expires_at
        ]);
    } else {
        echo json_encode(['success' => false, 'message' => 'Database error']);
    }
}