from flask import Flask
from flask_cors import CORS

def create_app():
    app = Flask(__name__, 
                static_folder='static',
                template_folder='templates')
    
    # Configure CORS
    CORS(app, resources={
        r"/*": {
            "origins": [
                r"https://.*\.hf\.space",        # any HF Space subdomain
                "https://<your-username>.github.io",
                "https://www.<your-domain>.com",
                "http://localhost:5000",
                "http://127.0.0.1:5000",
            ],
            "methods": ["GET", "POST", "OPTIONS"],
            "allow_headers": ["Content-Type"]
        }
    })
    
    # Configure security headers
    @app.after_request
    def add_security_headers(response):
        response.headers['Access-Control-Allow-Origin'] = '*'
        response.headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'
        response.headers['Access-Control-Allow-Headers'] = 'Content-Type'
        return response
    
    # Register blueprints
    from app.routes import main
    app.register_blueprint(main)
    
    return app