<?php

declare(strict_types=1);

namespace Siteworxpro\App\Http\Middleware;

use Nyholm\Psr7\Response;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Siteworxpro\App\Services\Facades\Config;

/**
 * Class CorsMiddleware
 *
 * Middleware to handle CORS (Cross-Origin Resource Sharing) requests.
 * It checks the origin of the request and sets appropriate CORS headers
 * in the response.
 */
class CorsMiddleware implements MiddlewareInterface
{
    /**
     * Process the incoming request and add CORS headers to the response.
     *
     * @param ServerRequestInterface $request The incoming request.
     * @param RequestHandlerInterface $handler The request handler.
     * @return ResponseInterface The response with CORS headers.
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $origin = $request->getHeaderLine('Origin');
        $allowedOrigins = array_map(
            'trim',
            explode(
                ',',
                Config::get('cors.allowed_origins')
            )
        );

        $allowOrigin = in_array($origin, $allowedOrigins, true)
            ? $origin
            : null;

        if ($request->getMethod() === 'OPTIONS') {
            $response = new Response(204);
        } else {
            $response = $handler->handle($request);
        }

        if ($allowOrigin === null) {
            return $response; // Do not add CORS headers if origin is not allowed.
        }

        $response = $response
            ->withHeader('Access-Control-Allow-Origin', $allowOrigin)
            ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
            ->withHeader(
                'Access-Control-Allow-Headers',
                $request->getHeaderLine('Access-Control-Request-Headers')
                    ?: 'Content-Type, Authorization'
            );

        if (Config::get('cors.allow_credentials') === true) {
            $response = $response->withHeader('Access-Control-Allow-Credentials', 'true');
        }

        $maxAge = Config::get('cors.max_age') ?: '86400'; // Use correct configuration key.

        return $response->withHeader('Access-Control-Max-Age', $maxAge);
    }
}