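import { Injectable, NestMiddleware } from '@nestjs/common';
import { NextFunction, Request, Response } from 'express';

/**
 * Middleware that rejects a request when the CSRF token submitted in the body
 * (`req.body._csrf`) does not match the token stored in the session
 * (`req.session.csrf`).
 *
 * Requests whose Content-Type starts with `multipart/form-data` are passed
 * through without a check here.
 */
@Injectable()
export class ValidateCSRFMiddleware implements NestMiddleware {
  /**
   * Validates the CSRF token of the incoming request.
   *
   * @param req - Incoming request; reads its Content-Type header, `body._csrf` and `session.csrf`.
   * @param res - Unused.
   * @param next - Called with no argument when the request is accepted, or
   *   with `Error('Invalid session')` when the token check fails.
   */
  use(req: Request, res: Response, next: NextFunction) {
    // Multipart is handled elsewhere.
    // NOTE(review): this branch is selected by a client-supplied header, so the
    // multipart handler must perform its own token check before acting on the
    // request. That handler is not visible here; confirm it does.
    if (req.header('content-type')?.startsWith('multipart/form-data')) {
      return next();
    }

    // Optional chaining keeps a missing body or session from throwing a
    // TypeError; both cases fall through to the rejection below.
    const expected = req.session?.csrf;
    const submitted = req.body?._csrf;

    // Fail closed: a session without a token must never validate. Without the
    // explicit null/empty check, a request with no `_csrf` field against a
    // session with no `csrf` value would compare undefined to undefined and
    // be accepted.
    // NOTE(review): `!==` is not a constant-time comparison; consider
    // crypto.timingSafeEqual if comparison timing is in the threat model.
    if (expected == null || expected === '' || submitted !== expected) {
      return next(new Error('Invalid session'));
    }

    next();
  }
}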