<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}

header('Content-Type: application/json');

// TODO: Implementasi logic login di sini
// Contoh response structure:
/*
$input = json_decode(file_get_contents('php://input'), true);

if (!isset($input['username']) || !isset($input['password'])) {
    http_response_code(400);
    echo json_encode(['error' => 'invalid_request']);
    exit;
}

// Validasi X-API-KEY
if (!isset($_SERVER['HTTP_X_API_KEY']) || $_SERVER['HTTP_X_API_KEY'] !== 'RETRIBUSI-DASHBOARD-KEY') {
    http_response_code(401);
    echo json_encode(['error' => 'unauthorized']);
    exit;
}

// Logic authentication
// ... kode auth yang sudah ada ...

// Response success
echo json_encode([
    'token' => 'Bearer xxxxx',
    'user' => [
        'username' => 'admin',
        'role' => 'admin',
        'locations' => ['kerkof_01']
    ]
]);
*/