import { CorsOptions } from 'cors';
import config from './config';

const NODE_ENV = config.env || 'development';

let corsOptions: CorsOptions;

if (NODE_ENV === 'development') {
  corsOptions = {
    origin: true,
    credentials: true,
  };
} else {
  const rawOrigins =
    config.corsOrigin?.split(',').map((o) => o.trim()) || [];
  const allowAll = rawOrigins.includes('*');

  const exactOrigins = new Set<string>();
  const wildcardRegex: RegExp[] = [];

  for (const origin of rawOrigins) {
    if (origin === '*') continue;

    if (origin.startsWith('*.')) {
      const domain = origin
        .slice(2)
        .replace(/\./g, '\\.');

      wildcardRegex.push(
        new RegExp(`^https?:\\/\\/([a-z0-9-]+\\.)*${domain}$`, 'i'),
      );
    } else {
      exactOrigins.add(origin);
    }
  }

  corsOptions = {
    origin(origin, callback) {
      if (!origin) return callback(null, true);
      if (allowAll) return callback(null, true);
      if (exactOrigins.has(origin)) {
        return callback(null, true);
      }
      for (const regex of wildcardRegex) {
        if (regex.test(origin)) {
          return callback(null, true);
        }
      }

      return callback(new Error(`CORS blocked: ${origin}`));
    },
    credentials: true,
  };
}

export { corsOptions };