__package__ = 'archivebox.api'

from django.http import HttpResponse


class ApiCorsMiddleware:
    """Attach permissive CORS headers for API routes (token-based auth)."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if request.path.startswith('/api/'):
            if request.method == 'OPTIONS' and request.META.get('HTTP_ACCESS_CONTROL_REQUEST_METHOD'):
                response = HttpResponse(status=204)
                return self._add_cors_headers(request, response)

            response = self.get_response(request)
            return self._add_cors_headers(request, response)

        return self.get_response(request)

    def _add_cors_headers(self, request, response):
        origin = request.META.get('HTTP_ORIGIN')
        if not origin:
            return response

        response['Access-Control-Allow-Origin'] = '*'
        response['Access-Control-Allow-Methods'] = 'GET, POST, PUT, PATCH, DELETE, OPTIONS'
        response['Access-Control-Allow-Headers'] = (
            'Authorization, X-ArchiveBox-API-Key, Content-Type, X-CSRFToken'
        )
        response['Access-Control-Max-Age'] = '600'
        return response