<?php

declare(strict_types=1);

namespace OCA\Retro\Controller;

use OCA\Retro\AppInfo\Application;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\ContentSecurityPolicy;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\IRequest;
use OCP\Util;

class PageController extends Controller
{
	public function __construct(IRequest $request) {
		parent::__construct(Application::APP_ID, $request);
	}

	#[NoCSRFRequired]
	#[NoAdminRequired]
	#[FrontpageRoute(verb: 'GET', url: '/')]
	public function run(): TemplateResponse {
		Util::addScript(Application::APP_ID, Application::APP_ID.'-main');
		Util::addStyle(Application::APP_ID, Application::APP_ID.'-main');

		$csp = new ContentSecurityPolicy();
		$csp->addAllowedConnectDomain('cdn.emulatorjs.org');
		$csp->addAllowedConnectDomain('blob:');
		$csp->addAllowedWorkerSrcDomain('blob:');

		/** @psalm-suppress DeprecatedMethod */
		$csp->allowEvalScript(true);

		$response = new TemplateResponse(Application::APP_ID, 'index');
		$response->setHeaders([
			'Cross-Origin-Opener-Policy' => 'same-origin',
			'Cross-Origin-Embedder-Policy' => 'require-corp',
		]);
		$response->setContentSecurityPolicy($csp);

		return $response;
	}
}