import { Injectable, NestMiddleware } from '@nestjs/common';
import { NextFunction, Request, Response } from 'express';
import { TokenService } from 'src/modules/utility/services/token.service';

/** HTTP methods that never go through CSRF validation. */
const CSRF_EXEMPT_METHODS: ReadonlySet<string> = new Set(['GET', 'HEAD', 'OPTIONS']);

/**
 * Rejects state-changing requests whose CSRF check fails.
 *
 * Exempt from the check are the methods in {@link CSRF_EXEMPT_METHODS} and
 * any request whose `content-type` starts with `multipart/form-data`; the
 * original author notes multipart bodies are validated elsewhere, so the
 * multipart path must perform its own CSRF check — this middleware does not.
 */
@Injectable()
export class ValidateCSRFMiddleware implements NestMiddleware {
  constructor(private readonly tokenService: TokenService) {}

  /**
   * Express-style middleware entry point.
   *
   * @param req incoming request; its method and `content-type` header decide
   *   whether the check runs, and it is handed to `tokenService.verifyCSRF`
   * @param res unused, required by the NestMiddleware signature
   * @param next called with no argument to continue, or with an
   *   `Error('Invalid session')` when verification fails
   */
  use(req: Request, res: Response, next: NextFunction) {
    if (this.isExempt(req)) {
      return next();
    }

    const tokenIsValid = this.tokenService.verifyCSRF(req);
    if (!tokenIsValid) {
      return next(new Error('Invalid session'));
    }

    next();
  }

  /** True when the request is one this middleware deliberately skips. */
  private isExempt(req: Request): boolean {
    if (CSRF_EXEMPT_METHODS.has(req.method)) {
      return true;
    }
    const contentType = req.header('content-type');
    return contentType?.startsWith('multipart/form-data') ?? false;
  }
}