package csrf_test

import (
	"fmt"
	"net/http"

	"git.bivouac.wiki/use/csrf"
)

func denied(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html")
	fmt.Println("404: " + r.URL.Path)
	w.WriteHeader(403)
	w.Write([]byte("CSRF invalid"))
}

func ExampleCSRF() {
	k := csrf.SessionRandB64(16)
	c := csrf.New(k, denied)
	val := c.AuthMake("alice", "/home")
	c.AuthCheck("alice", "/home", val)
	// can add in the httptest examples for the middleware in a bit.
}