import { Elysia } from "elysia";
import { cors } from "@elysiajs/cors";
import { dashboard } from "./routes/dashboard";
import { account } from "./routes/auth";
import { migrate } from "./db";

await migrate();

const SECURITY_HEADERS = {
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "DENY",
  "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
  "X-XSS-Protection": "0",
  "Referrer-Policy": "strict-origin-when-cross-origin",
};

const app = new Elysia()
  .onAfterHandle(({ set }) => {
    Object.assign(set.headers, SECURITY_HEADERS);
  })
  .use(cors({
    origin: process.env.CORS_ORIGINS?.split(",") ?? ["https://pingql.com"],
    credentials: true,
  }))
  .use(dashboard)
  .use(account)
  .listen(3000);

console.log(`PingQL Web running at http://localhost:${app.server?.port}`);