<?php

namespace Middlewares;

use Psr\Http\Message\ServerRequestInterface;
use React\Http\Message\Response;
use Libs\ResponseLib;

class CorsMiddleware
{
    public function __invoke(ServerRequestInterface $request, callable $next)
    {

        // Verifica se a origem está na lista de permitidas
        $corsHeaders = [
            'Access-Control-Allow-Origin' => '*',
            'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS',
            'Access-Control-Allow-Headers' => 'Content-Type, Authorization, x-user, x-nonce, x-signature',
            'Access-Control-Allow-Credentials' => 'true'
        ];

        // Lida com requisições OPTIONS (preflight)
        if ($request->getMethod() === 'OPTIONS') {
            return new Response(
                200,
                $corsHeaders
            );
        }

        // Chama o próximo middleware/controlador
        $response = $next($request);

        // Adiciona cabeçalhos CORS à resposta
        foreach ($corsHeaders as $header => $value) {
            if ($value) {
                $response = $response->withHeader($header, $value);
            }
        }

        return $response;
    }
}