<?php

use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__.'/../routes/web.php',
        api: __DIR__.'/../routes/api.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware): void {
        // Adicionar headers de segurança em todas as requisições
        $middleware->append(\App\Http\Middleware\SecurityHeaders::class);

        // Alias para rate limiting
        $middleware->alias([
            'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
            'plan.limits' => \App\Http\Middleware\CheckPlanLimits::class,
            'admin.only' => \App\Http\Middleware\AdminOnly::class,
            'demo.protect' => \App\Http\Middleware\DemoProtection::class,
        ]);
        
        // Aplicar proteção demo em todas as rotas de API autenticadas
        $middleware->api(append: [
            \App\Http\Middleware\DemoProtection::class,
        ]);
    })
    ->withExceptions(function (Exceptions $exceptions): void {
        //
    })->create();