<?php

namespace app\process;

use Webman\App;
use Webman\Http\Response;

class Http extends App
{
    /**
     * 在父类处理前拦截 OPTIONS 预检，直接返回 CORS 头（避免预检未命中路由时无 CORS）
     */
    public function onMessage($connection, $request): void
    {
        $method = $request->method();
        if (is_string($method) && strtoupper($method) === 'OPTIONS') {
            $path = $request->path();
            $path = is_string($path) ? trim($path, '/') : '';
            $isApiOrAdmin = $path !== '' && (str_starts_with($path, 'api') || str_starts_with($path, 'admin'));
            if ($isApiOrAdmin) {
                $origin = $request->header('origin');
                $origin = is_array($origin) ? ($origin[0] ?? '') : (is_string($origin) ? trim($origin) : '');
                if ($origin === '') {
                    $origin = '*';
                }
                $headers = [
                    'Access-Control-Allow-Origin'      => $origin,
                    'Access-Control-Allow-Credentials' => 'true',
                    'Access-Control-Max-Age'           => '1800',
                    'Access-Control-Allow-Methods'      => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
                    'Access-Control-Allow-Headers'      => 'Content-Type, Authorization, batoken, ba-user-token, think-lang',
                ];
                $connection->send(new Response(204, $headers, ''));
                return;
            }
        }
        parent::onMessage($connection, $request);
    }
}