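import { Injectable, NestMiddleware } from '@nestjs/common';
import { NextFunction, Request, Response } from 'express';
import { TokenService } from 'src/modules/utility/services/token.service';

/**
 * True unless NODE_ENV is exactly 'production'.
 *
 * NOTE(review): an unset or misspelled NODE_ENV therefore counts as
 * development and turns the `secure` cookie flag off below — confirm every
 * deployment sets NODE_ENV=production explicitly.
 */
const DEV = process.env.NODE_ENV !== 'production';

/** Name of the cookie that carries the per-client CSRF secret. */
const XSRF_COOKIE = 'XSRF';

/** Lifetime of the secret cookie: one hour, in milliseconds. */
const XSRF_COOKIE_MAX_AGE_MS = 60 * 60 * 1000;

/**
 * Issues the per-client CSRF secret and exposes a token factory on the request.
 *
 * The secret lives in an httpOnly, sameSite=strict cookie so page scripts cannot
 * read it; handlers call `req.csrfToken()` to derive a token to embed in forms or
 * headers. This middleware only issues secrets and creates tokens — it does not
 * verify tokens submitted by the client; that check has to happen elsewhere in
 * the request pipeline.
 */
@Injectable()
export class CSRFMiddleware implements NestMiddleware {
  constructor(private readonly tokenService: TokenService) {}

  /**
   * Ensures the request has a CSRF secret cookie and attaches `req.csrfToken`.
   *
   * @param req - incoming request; `req.cookies` is expected to be populated by
   *   a cookie-parsing middleware registered before this one.
   * @param res - response used to set the secret cookie when none is present.
   * @param next - continues the middleware chain; always called.
   */
  use(req: Request, res: Response, next: NextFunction): void {
    // Optional chaining: if no cookie parser ran, `req.cookies` is undefined and
    // a plain property access would throw instead of issuing a fresh secret.
    let secretToken = req.cookies?.[XSRF_COOKIE];
    if (!secretToken) {
      secretToken = this.tokenService.csrf.secretSync();
      res.cookie(XSRF_COOKIE, secretToken, {
        maxAge: XSRF_COOKIE_MAX_AGE_MS,
        secure: !DEV, // sent over plain HTTP only outside production (see DEV)
        httpOnly: true, // the secret must never be readable from page scripts
        sameSite: 'strict',
      });
    }
    // Tokens are derived from the secret on demand; each call yields a new one.
    req.csrfToken = () => this.tokenService.csrf.create(secretToken);
    next();
  }
}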