<?php
// =====================================================
// test_signature_verify.php
// ใช้ตรวจสอบ signature จาก Client (Browser / Flutter)
// =====================================================

header("Content-Type: application/json; charset=utf-8");

$TOKEN  = "PACKBEACON2025";
$SECRET = "PackBeacon@Secure!";

// อ่านค่าจาก Header หรือ GET หรือ POST
$client_token     = $_SERVER["HTTP_X_TOKEN"]     ?? ($_REQUEST["token"] ?? "");
$client_timestamp = $_SERVER["HTTP_X_TIMESTAMP"] ?? ($_REQUEST["timestamp"] ?? "");
$client_signature = $_SERVER["HTTP_X_SIGNATURE"] ?? ($_REQUEST["signature"] ?? "");

if (!$client_token || !$client_timestamp || !$client_signature) {
    echo json_encode([
        "status" => "error",
        "message" => "missing parameters (token / timestamp / signature)"
    ]);
    exit;
}

$server_signature = hash_hmac("sha256", $client_token . $client_timestamp, $SECRET);

$result = hash_equals($server_signature, $client_signature);

echo json_encode([
    "status" => $result ? "success" : "fail",
    "message" => $result ? "Signature ถูกต้อง" : "Signature ไม่ตรง",
    "client" => [
        "token" => $client_token,
        "timestamp" => $client_timestamp,
        "signature" => $client_signature
    ],
    "server" => [
        "signature" => $server_signature
    ]
], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
