<?php

use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        api: __DIR__.'/../routes/api.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        // Global security middleware
        $middleware->api(prepend: [
            \App\Http\Middleware\AuditRequestMiddleware::class,
        ]);

        // Trust all proxies (behind nginx + Cloudflare)
        $middleware->trustProxies(at: '*');

        // Middleware aliases
        $middleware->alias([
            'role'               => \Spatie\Permission\Middleware\RoleMiddleware::class,
            'permission'         => \Spatie\Permission\Middleware\PermissionMiddleware::class,
            'role_or_permission' => \Spatie\Permission\Middleware\RoleOrPermissionMiddleware::class,
            'audit'              => \App\Http\Middleware\AuditRequestMiddleware::class,
            'idempotency'        => \App\Http\Middleware\IdempotencyMiddleware::class,
            'throttle.actions'   => \App\Http\Middleware\ThrottleSensitiveActions::class,
            'auth.jwt'           => \App\Http\Middleware\JwtAuthenticate::class,
        ]);
    })
    ->withExceptions(function (Exceptions $exceptions) {
        //
    })
    ->create();