api-btekno/bin/test_cors.php

<?php

declare(strict_types=1);

/**
 * Script untuk test CORS middleware secara langsung
 * Usage: php bin/test_cors.php
 */

require __DIR__ . '/../vendor/autoload.php';

use App\Config\AppConfig;
use App\Middleware\CorsMiddleware;
use Slim\Psr7\Factory\ServerRequestFactory;
use Slim\Psr7\Factory\ResponseFactory;

// Load environment
AppConfig::loadEnv(__DIR__ . '/..');

echo "=== CORS Middleware Test ===\n\n";

// Create test request with origin header
$requestFactory = new ServerRequestFactory();
$responseFactory = new ResponseFactory();

// Test 1: Origin yang ada di .env
echo "Test 1: Origin 'http://localhost/retribusi' (ada di .env):\n";
$request1 = $requestFactory->createServerRequest('GET', '/health')
    ->withHeader('Origin', 'http://localhost/retribusi');

$response1 = $responseFactory->createResponse(200);
$response1->getBody()->write(json_encode(['status' => 'ok']));

$middleware = new CorsMiddleware();
$handler = new class($response1) implements \Psr\Http\Server\RequestHandlerInterface {
    private $response;
    public function __construct($response) {
        $this->response = $response;
    }
    public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface {
        return $this->response;
    }
};

$result1 = $middleware->process($request1, $handler);

echo "   Response headers:\n";
foreach ($result1->getHeaders() as $name => $values) {
    if (str_starts_with(strtolower($name), 'access-control-')) {
        echo "   - $name: " . implode(', ', $values) . "\n";
    }
}

// Test 2: Origin yang tidak ada di .env
echo "\nTest 2: Origin 'http://example.com' (tidak ada di .env):\n";
$request2 = $requestFactory->createServerRequest('GET', '/health')
    ->withHeader('Origin', 'http://example.com');

$response2 = $responseFactory->createResponse(200);
$handler2 = new class($response2) implements \Psr\Http\Server\RequestHandlerInterface {
    private $response;
    public function __construct($response) {
        $this->response = $response;
    }
    public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface {
        return $this->response;
    }
};

$result2 = $middleware->process($request2, $handler2);

echo "   Response headers:\n";
$hasCorsHeaders = false;
foreach ($result2->getHeaders() as $name => $values) {
    if (str_starts_with(strtolower($name), 'access-control-')) {
        $hasCorsHeaders = true;
        echo "   - $name: " . implode(', ', $values) . "\n";
    }
}
if (!$hasCorsHeaders) {
    echo "   ⚠️  No CORS headers found (expected if origin not allowed)\n";
}

// Test 3: OPTIONS request (preflight)
echo "\nTest 3: OPTIONS request (preflight):\n";
$request3 = $requestFactory->createServerRequest('OPTIONS', '/health')
    ->withHeader('Origin', 'http://localhost/retribusi');

$response3 = $responseFactory->createResponse(200);
$handler3 = new class($response3) implements \Psr\Http\Server\RequestHandlerInterface {
    private $response;
    public function __construct($response) {
        $this->response = $response;
    }
    public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface {
        return $this->response;
    }
};

$result3 = $middleware->process($request3, $handler3);

echo "   Status code: " . $result3->getStatusCode() . "\n";
echo "   Response headers:\n";
foreach ($result3->getHeaders() as $name => $values) {
    if (str_starts_with(strtolower($name), 'access-control-')) {
        echo "   - $name: " . implode(', ', $values) . "\n";
    }
}

echo "\n=== Test Complete ===\n";
echo "\nJika Test 1 tidak ada CORS headers, kemungkinan:\n";
echo "1. PHP-FPM belum di-restart setelah perubahan code\n";
echo "2. Opcache masih cache code lama (clear opcache)\n";
echo "3. Check error log: tail -f /www/wwwlogs/api.btekno.cloud.error.log\n";