<?php

declare(strict_types=1);

use DI\ContainerBuilder;
use Slim\Factory\AppFactory;
use Dotenv\Dotenv;

require __DIR__ . '/../vendor/autoload.php';

// 🔹 Load .env config
$dotenv = Dotenv::createImmutable(__DIR__ . '/../');
$dotenv->load();

$domain = $_ENV['MAIN_COOKIE_DOMAIN'] ?? '.lxdapp.local';
session_set_cookie_params([
    'lifetime' => 0,
    'path' => '/',
    'domain' => $domain,
    'secure' => false,  // set true if using HTTPS
    'httponly' => true,
    'samesite' => 'Lax',
]);

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Build Container using PHP-DI
$containerBuilder = new ContainerBuilder();
$containerBuilder->useAutowiring(true);   // Enable autowiring globally


// Add settings
$settings = require __DIR__ . '/../src/Settings/settings.php';
$settings($containerBuilder);

// Add dependencies
$dependencies = require __DIR__ . '/../src/Dependencies/dependencies.php';
$dependencies($containerBuilder);

// Build the container
$container = $containerBuilder->build();

// Set container to AppFactory
AppFactory::setContainer($container);

// Create App
$app = AppFactory::create();

// 🔹 CORS middleware
$app->add(function ($request, $handler) {
    $response = $handler->handle($request);
    $origin = $_SERVER['HTTP_ORIGIN'] ?? '*';

    return $response
        ->withHeader('Access-Control-Allow-Origin', $origin)
        ->withHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization')
        ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
        ->withHeader('Access-Control-Allow-Credentials', 'true');
});

// Register middleware
(require __DIR__ . '/../src/Bootstrap/middleware.php')($app);

// Register routes
(require __DIR__ . '/../src/Bootstrap/routes.php')($app);

// Run app
$app->run();