export const allowedOrigins = [
  'https://tools.acherryontop.com',
  'https://inventory.kent.pw',
  'https://acot.site',
  /^http:\/\/localhost:(5174|5175)$/,
];

export const corsOptions = {
  origin(origin, callback) {
    if (!origin) return callback(null, true);
    const ok = allowedOrigins.some((allowed) =>
      allowed instanceof RegExp ? allowed.test(origin) : allowed === origin
    );
    if (ok) return callback(null, true);
    callback(new Error('CORS not allowed'));
  },
  methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
  allowedHeaders: ['Content-Type', 'Authorization'],
  exposedHeaders: ['Content-Type'],
  credentials: true,
  maxAge: 600,
};

export default corsOptions;