// Package bootstrap wires process-wide middleware, here the CSRF protection
// layer built on gorilla/csrf.
package bootstrap

import (
	"fmt"
	"net/http"

	"github.com/gorilla/csrf"
)

// CSRFMiddleware wraps an http.Handler with CSRF protection.
//
// It is nil until InitCSRFProtection has returned without error, so handlers
// must only be wrapped after a successful initialisation; calling it earlier
// is a nil function call.
var CSRFMiddleware func(http.Handler) http.Handler

// InitCSRFProtection builds the CSRF middleware and stores it in
// CSRFMiddleware.
//
// csrfKey is the authentication key handed to csrf.Protect and must be exactly
// 32 bytes long; any other length is rejected and CSRFMiddleware is left
// untouched. The key is a secret: it should come from a random source or a
// secret store rather than from source code, and should stay stable across
// restarts.
//
// isProduction controls the Secure attribute of the CSRF cookie. When it is
// false the cookie may travel over plain HTTP, so that setting is only
// appropriate for local development.
func InitCSRFProtection(csrfKey []byte, isProduction bool) error {
	// Reject a missing or mis-sized key up front instead of passing it on.
	if n := len(csrfKey); n != 32 {
		return fmt.Errorf("csrf key must be 32 bytes, got %d", n)
	}

	cookieOpts := []csrf.Option{
		// Secure attribute only in production (see the function comment).
		csrf.Secure(isProduction),
		// Strict SameSite: the cookie is not attached to cross-site requests.
		csrf.SameSite(csrf.SameSiteStrictMode),
		// The cookie is valid for every path of the site.
		csrf.Path("/"),
		// Page scripts cannot read the cookie.
		csrf.HttpOnly(true),
	}

	CSRFMiddleware = csrf.Protect(csrfKey, cookieOpts...)
	return nil
}