<?php
if (!defined('ABSPATH')) exit;

function sro_handle_oauth() {
    if (!isset($_GET['page']) || $_GET['page'] !== 'sro') return;
    if (!isset($_GET['oauth'])) return;

    if (!isset($_GET['code'])) return;

    $client_id = get_option('sro_client_id');
    $client_secret = get_option('sro_client_secret');
    $redirect_uri = admin_url('options-general.php?page=sro&oauth=1');

    $response = wp_remote_post("https://accounts.spotify.com/api/token", array(
        'body' => array(
            'grant_type' => 'authorization_code',
            'code' => $_GET['code'],
            'redirect_uri' => $redirect_uri,
            'client_id' => $client_id,
            'client_secret' => $client_secret
        )
    ));

    if (is_wp_error($response)) return;

    $data = json_decode(wp_remote_retrieve_body($response), true);

    if (isset($data['access_token'])) {
        update_option('sro_access_token', $data['access_token']);
        update_option('sro_refresh_token', $data['refresh_token']);
        update_option('sro_token_expires', time() + 3500);
    }

    wp_redirect(admin_url('options-general.php?page=sro'));
    exit;
}
add_action('admin_init', 'sro_handle_oauth');