/*
 * SPDX-FileCopyrightText: 2023 jordi fita mas <jfita@peritasoft.com>
 * SPDX-License-Identifier: AGPL-3.0-only
 */

package auth

import (
	"errors"
	"net/http"

	"golang.org/x/text/language"

	"dev.tandem.ws/tandem/camper/pkg/locale"
)

const (
	CSRFTokenField  = "csrf_token"
	CSRFTokenHeader = "X-CSRFToken"
)

type User struct {
	Email     string
	LoggedIn  bool
	Role      string
	Language  language.Tag
	CSRFToken string
	Locale    *locale.Locale
}

func (user *User) VerifyCSRFToken(r *http.Request) error {
	token := r.Header.Get(CSRFTokenHeader)
	if token == "" {
		token = r.FormValue(CSRFTokenField)
	}
	if user.CSRFToken == token {
		return nil
	}
	return errors.New(user.Locale.Gettext("Cross-site request forgery detected."))
}