<?php
namespace app\middleware;

use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;

class CrossDomain implements MiddlewareInterface
{
    public function process(Request $request, callable $next): Response
    {
        // 动态允许请求来源（支持携带Cookie）
        $origin = $request->header('origin', '*');
        $response = $next($request);

        // 设置跨域响应头
        $response->withHeaders([
            'Access-Control-Allow-Origin'      => $origin,
            'Access-Control-Allow-Methods'     => 'GET, POST, PUT, DELETE, OPTIONS',
            'Access-Control-Allow-Headers'     => 'Content-Type, Authorization, X-Requested-With',
            'Access-Control-Allow-Credentials' => 'true', // 允许携带Cookie
            'Access-Control-Max-Age'           => 86400, // 预检请求缓存时间（秒）
            'Vary'                             => 'Origin' // 避免缓存干扰
        ]);

        return $response;
    }
}