<?php require __DIR__.'/../bootstrap/app.php';

use Mcrbee\Streamers\Controllers\ApiController;
use Mcrbee\Streamers\Controllers\WebController;
use Mcrbee\Streamers\Core\Router;
use Mcrbee\Streamers\Core\Response;

header('X-Frame-Options: DENY');
header('X-Content-Type-Options: nosniff');
header('Referrer-Policy: same-origin');
header('Permissions-Policy: geolocation=(), microphone=(), camera=()');
header('Content-Security-Policy: default-src \'self\' https://cdn.jsdelivr.net; style-src \'self\' \'unsafe-inline\' https://cdn.jsdelivr.net; script-src \'self\' \'unsafe-inline\' https://cdn.jsdelivr.net');

$path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
$web = new WebController();
$api = new ApiController();
$webRouter = new Router();
$apiRouter = new Router();
$webRoutes = require __DIR__.'/../routes/web.php';
$apiRoutes = require __DIR__.'/../routes/api.php';
$webRoutes($webRouter, $web);
$apiRoutes($apiRouter, $api);

if ($path === '/') Response::redirect('/admin/login');

$isApiPath = preg_match('#^/api(?:/|$)#', $path) === 1;
$matched = $isApiPath ? $apiRouter->dispatch($method, $path) : $webRouter->dispatch($method, $path);
if (!$matched && $isApiPath) Response::json(['ok' => false, 'error' => 'not_found'], 404);
if (!$matched) Response::redirect('/admin/login');
