package middleware

import "net/http"

func CrossSiteRequestForgery() func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if r.Method == "POST" {
				// Check the CSRF token
				csrfToken := r.Header.Get("X-CSRF-Token")
				sessionToken := r.Header.Get("X-Session-Token")
				if csrfToken != sessionToken {
					http.Error(w, "CSRF token mismatch", http.StatusForbidden)
					return
				}
			}

			next.ServeHTTP(w, r)
		})
	}
}