package middleware

import (
	"me-fit/service"
	"net/http"
)

func CrossSiteRequestForgery(auth *service.Auth) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

			// session := r.Context().Value(SessionKey)

			if r.Method == "POST" {
				csrfToken := r.FormValue("csrf-token")
				if csrfToken == "" {
					http.Error(w, "", http.StatusForbidden)
					return
				}
			}

			next.ServeHTTP(w, r)
		})
	}
}