bartender/public/index.php

<?php

require __DIR__ . '/../vendor/autoload.php';

$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$file = __DIR__ . $path;
if (php_sapi_name() === 'cli-server' && is_file($file)) {
    return false;
}

if (class_exists(Dotenv\Dotenv::class) && file_exists(__DIR__ . '/../.env')) {
    Dotenv\Dotenv::createImmutable(
        dirname(__DIR__),
        null,
        true
    )->safeLoad();
}

error_reporting(E_ALL);

use FrameworkX\App;
use Middlewares\HmacAuthMiddleware;
use Middlewares\JWTAuthMiddleware;
use Middlewares\CorsMiddleware;
use Psr\Http\Message\ServerRequestInterface;
use React\Http\Message\Response;

$app = new App();

// Instancia os middlewares
$authHmac = new HmacAuthMiddleware();
$authJwt = new JWTAuthMiddleware();
$cors = new CorsMiddleware();

// Função para envolver rotas com CORS
$withCors = function ($handler) use ($cors) {
    return function (ServerRequestInterface $request) use ($handler, $cors) {
        return $cors($request, $handler);
    };
};

// Função para lidar apenas com requisições OPTIONS
$handleOptions = function (ServerRequestInterface $request) {
    $corsHeaders = [
        'Access-Control-Allow-Origin' => '*',
        'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS',
        'Access-Control-Allow-Headers' => '*',
        'Access-Control-Allow-Credentials' => 'true'
    ];

    return new Response(200, array_filter($corsHeaders));
};

// Rotas com CORS aplicado
$app->get('/hmachelloworld', $withCors($authHmac), \Controllers\HelloController::class);
$app->options('/hmachelloworld', $handleOptions);

$app->get('/jwthelloworld', $withCors($authJwt), \Controllers\HelloController::class);
$app->options('/jwthelloworld', $handleOptions);

$app->post('/login', $withCors(\Controllers\LoginController::class));
$app->options('/login', $handleOptions);

$app->post('/register', $withCors(\Controllers\RegisterController::class));
$app->options('/register', $handleOptions);

$app->run();