<?php
require_once '../src/config.php';

$backup_uuid = $_GET['id'] ?? null;
$share_token = $_GET['token'] ?? null;

if (!$backup_uuid && !$share_token) die("Missing parameters");

$db = get_db();
$backup = null;

// Query to get backup info + server info
$sql = "SELECT b.*, u.username, n.name as node, s.uuid as server_uuid, s.name as server_display_name 
        FROM backups b 
        LEFT JOIN servers s ON b.server_id = s.id 
        LEFT JOIN users u ON (s.user_id = u.id OR b.user_id = u.id) 
        LEFT JOIN nodes n ON s.node_id = n.id";

if ($share_token) {
    $stmt = $db->prepare("$sql WHERE b.share_token = ? AND b.share_expires_at > NOW()");
    $stmt->bind_param("s", $share_token);
} else {
    if (!isset($_SESSION['user_id'])) die("Login required");
    $stmt = $db->prepare("$sql WHERE b.uuid = ?");
    $stmt->bind_param("s", $backup_uuid);
}

$stmt->execute();
$backup = $stmt->get_result()->fetch_assoc();

if (!$backup) die("File not found or link expired");

// Permission check for non-share links
if (!$share_token && !$_SESSION['is_admin'] && $backup['username'] !== $_SESSION['username']) {
    die("Access denied");
}

// Construct physical path
$username = $backup['username'];
$node = $backup['node'] or "manual";
$s_uuid = $backup['server_uuid'];
$filename = $backup['filename'];

$path = null;
$internal_uri = null;

if ($s_uuid) {
    $sub_path = "$username/$node/$s_uuid/$filename";
    if (file_exists("/var/data/sorted/$sub_path")) {
        $internal_uri = "/internal-sorted/$sub_path";
    } else {
        $sub_path = "$username/$node/$s_uuid/backups/$filename";
        if (file_exists("/var/data/sorted/$sub_path")) {
            $internal_uri = "/internal-sorted/$sub_path";
        }
    }
} else {
    $sub_path = "$username/manual/$filename";
    if (file_exists("/var/data/sorted/$sub_path")) {
        $internal_uri = "/internal-sorted/$sub_path";
    }
}

if (!$internal_uri) die("Physical file missing on disk");

// Construct descriptive filename
$baseName = $backup['original_name'] ?: ($backup['server_display_name'] ?: $backup['uuid']);
$baseName = preg_replace('/[^a-zA-Z0-9А-Яа-я_\- ]/u', '_', $baseName);
$baseName = trim($baseName);

$extension = '.tar.gz';
if (preg_match('/(\.tar\.gz|\.zip|\.tar|\.gz)$/i', $filename, $matches)) {
    $extension = $matches[0];
}
$downloadName = $baseName . $extension;

// --- CRITICAL OPTIMIZATION ---
// 1. Release session lock immediately so dashboard can load in other tabs
session_write_close();

// 2. Use X-Accel-Redirect to let Nginx serve the file directly (zero-copy)
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $downloadName . '"');
header('X-Accel-Redirect: ' . $internal_uri);
exit;