package csrf

import "net/http"

type CtxKey string

const ContextUserId CtxKey = "userid"

func (c CSRF) MiddleAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// requires WhoIsThis middleware to set this context key beforehand...
		userID := r.Context().Value(ContextUserId).(string)
		if c.AuthCheck(userID, r.RequestURI, r.FormValue("csrf")) {
			c.DeniedFn(w, r)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func (c CSRF) MiddleUnauth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !c.UnauthCheck(r.RequestURI, r.FormValue("csrf")) {
			c.DeniedFn(w, r)
			return
		}
		next.ServeHTTP(w, r)
	})
}