<?php

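/**
 * Emits CORS response headers for the external API when it is enabled in settings.
 *
 * All work happens in the constructor: instantiating the class inspects the
 * current request and, if external API access is switched on, sends the CORS
 * headers. A preflight (OPTIONS) request is answered and the script terminated.
 */
class handleCors
{
    /**
     * Sends CORS headers for the current request when settings allow external API access.
     *
     * Does nothing when ../config/settings.json is missing or when
     * settings["global"]["externalAPI"] is absent or not true / "true".
     * Calls exit(0) for OPTIONS requests once the headers have been sent.
     */
    public function __construct()
    {
        // No settings file means the application is still in its initial state: emit nothing.
        if (!file_exists("../config/settings.json")) {
            return;
        }

        $config = new Settings();
        $settings = $config->getSettings();

        // External API access is opt-in. A missing key is treated as "off"
        // instead of raising an undefined-index warning.
        $externalApi = $settings["global"]["externalAPI"] ?? null;
        if ($externalApi !== true && $externalApi !== "true") {
            return;
        }

        // The response differs depending on the request's Origin, so caches must
        // key on it; otherwise a response cached for one origin can be served to another.
        // The second argument (replace = false) keeps any Vary header already set.
        header("Vary: Origin", false);

        if (isset($_SERVER["HTTP_ORIGIN"])) {
            $origin = $_SERVER["HTTP_ORIGIN"];

            // NOTE(review): the Origin header is client-controlled and is echoed back
            // unchanged together with Access-Control-Allow-Credentials: true. In that
            // combination every website the user visits is allowed to send credentialed
            // requests to this API and read the responses. Before relying on this in
            // production, compare $origin by exact string match against an explicit list
            // of trusted origins (for example one held in settings) and send these headers
            // only on a match. The literal origin "null" should be treated as untrusted.
            header("Access-Control-Allow-Origin: {$origin}");
            header("Access-Control-Allow-Credentials: true");
            header("Access-Control-Max-Age: 600"); // let the browser cache the preflight for 10 minutes
        }
        // Without an Origin header no Access-Control-* headers are sent at all.
        // Never fall back to "Access-Control-Allow-Origin: *".

        if (($_SERVER["REQUEST_METHOD"] ?? "") !== "OPTIONS") {
            return;
        }

        // Preflight handling. Remove any method the API does not actually support.
        if (isset($_SERVER["HTTP_ACCESS_CONTROL_REQUEST_METHOD"])) {
            header("Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT");
        }

        if (isset($_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"])) {
            // NOTE(review): this approves whatever header names the client asks for.
            // Prefer a fixed list of the request headers the API really reads.
            $requestedHeaders = $_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"];
            header("Access-Control-Allow-Headers: {$requestedHeaders}");
        }

        // A preflight needs no body: finish with 200 OK and the headers above.
        exit(0);
    }
}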