rework to lighten the main, refactor wrappers. Rehandle csrf and pull config items.

handlers/security/csrf.go

@@ -0,0 +1,26 @@
+package security
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/gorilla/csrf"
+)
+
+var CSRFMiddleware func(http.Handler) http.Handler
+
+func InitCSRFProtection(csrfKey []byte, isProduction bool) error {
+	if len(csrfKey) != 32 {
+		return fmt.Errorf("csrf key must be 32 bytes, got %d", len(csrfKey))
+	}
+
+	CSRFMiddleware = csrf.Protect(
+		csrfKey,
+		csrf.Secure(isProduction),
+		csrf.SameSite(csrf.SameSiteStrictMode),
+		csrf.Path("/"),
+		csrf.HttpOnly(true),
+	)
+
+	return nil
+}