package main

import (
	"html/template"
	"net/http"

	"github.com/gorilla/csrf"
	"github.com/gorilla/securecookie"
)

func csrfHandler(next http.Handler) http.Handler {
	return csrf.Protect(
		securecookie.GenerateRandomKey(32),
		csrf.SameSite(csrf.SameSiteStrictMode),
		csrf.FieldName("csrf.csrffield"), // should match the structure in `Csrf`
	)(next)
}

// Csrf handles the CSRF data for a form.
// Include it verbatim and then use `{{.CsrfField}}` in templates.
type Csrf struct {
	CsrfField template.HTML `form:"-"`
}

func CsrfField(r *http.Request) Csrf {
	return Csrf{CsrfField: csrf.TemplateField(r)}
}