<?php

namespace App\Http\Middleware;

use Closure;

class  CorsMiddleware
{
    private $headers = [
        'Access-Control-Allow-Methods' => '*',
        'Access-Control-Allow-Headers' => 'Content-Type, Authorization, X-Requested-With,DNT,X-Mx-ReqToken,ETag,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,language',
        'Access-Control-Allow-Credentials' => 'true',//允许客户端发送cookie
        'Access-Control-Max-Age' => 1728000 //该字段可选，用来指定本次预检请求的有效期，在此期间，不用发出另一条预检请求。
    ];

    private $allow_origin = ['*'];
    protected $urls = ['/admin/view/attach-download/*', '/admin/user/student-export', '/admin/tcm/patient-export', '/api/course/attach-download/*'];

    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
//        $response = $next($request);
//
//        $paths = $this->urls;
////        foreach ($paths as $path) {
////            if ($path !== '/') {
////                $path = trim($path, '/');
////            }
////
////            if ($request->fullUrlIs($path) || $request->is($path)) {
////                return $response;
////            }
////        }
//        $response->header('Access-Control-Allow-Origin', '*');
//        $response->header('Access-Control-Allow-Methods', '*');
//        $response->header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With,DNT,X-Mx-ReqToken,ETag,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,language');
////        $response->header('Access-Control-Allow-Headers', '*');
//        return $response;


//        $this->headers = [
//            'Access-Control-Allow-Methods' => '*',
//            'Access-Control-Allow-Headers' => 'Content-Type, Authorization, X-Requested-With,DNT,X-Mx-ReqToken,ETag,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,language',
//            'Access-Control-Allow-Credentials' => 'true',//允许客户端发送cookie
//            'Access-Control-Max-Age' => 1728000 //该字段可选，用来指定本次预检请求的有效期，在此期间，不用发出另一条预检请求。
//        ];

//        $this->allow_origin = ['*'];

        $origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';

        //如果origin不在允许列表内，直接返回403
        if (!in_array('*', $this->allow_origin) && !in_array($origin, $this->allow_origin) && !empty($origin))
            return Response('Forbidden', 403);
        //如果是复杂请求，先返回一个200，并allow该origin
        if ($request->isMethod('options'))
            return $this->setCorsHeaders(Response('OK', 200), $origin);
        //如果是简单请求或者非跨域请求，则照常设置header
        $response = $next($request);
        $methodVariable = array($response, 'header');
        //这个判断是因为在开启session全局中间件之后，频繁的报header方法不存在，所以加上这个判断，存在header方法时才进行header的设置
        if (is_callable($methodVariable, false, $callable_name)) {
            return $this->setCorsHeaders($response, $origin);
        }
        return $response;
    }

    /**
     * @param $response
     * @return mixed
     */
    public function setCorsHeaders($response, $origin)
    {
        foreach ($this->headers as $key => $value) {
            $response->header($key, $value);
        }
        if (in_array($origin, $this->allow_origin)) {
            $response->header('Access-Control-Allow-Origin', $origin);
        } elseif (in_array('*', $this->allow_origin)) {
            $response->header('Access-Control-Allow-Origin', '*');
        } else {
            $response->header('Access-Control-Allow-Origin', '');
        }
        return $response;
    }
}