import { getWebAuthnConfig } from '../../utils/webauthn-config.js'

export default defineEventHandler(async (event) => {
  const requestOrigin = getHeader(event, 'origin')
  const { origin: webauthnOrigin } = getWebAuthnConfig()
  
  console.log('[DEBUG] OPTIONS preflight request received (register-passkey)', {
    origin: requestOrigin,
    webauthnOrigin,
    timestamp: new Date().toISOString()
  })

  // CORS-Header für Cross-Device Authentication
  const allowedOrigin = requestOrigin || webauthnOrigin
  
  if (allowedOrigin) {
    setHeader(event, 'Access-Control-Allow-Origin', allowedOrigin)
    setHeader(event, 'Access-Control-Allow-Credentials', 'true')
    setHeader(event, 'Access-Control-Allow-Methods', 'POST, OPTIONS')
    setHeader(event, 'Access-Control-Allow-Headers', 'Content-Type, Authorization, Origin, X-Requested-With')
    setHeader(event, 'Access-Control-Max-Age', '86400') // 24 Stunden Cache für Preflight
    console.log('[DEBUG] CORS headers set for OPTIONS', { 
      origin: allowedOrigin,
      requestOrigin,
      webauthnOrigin
    })
  }

  // OPTIONS Preflight-Request: 204 No Content
  setResponseStatus(event, 204)
  return null
})