package csrf

import (
	"net/http"
	"strings"
)

// getTokenFromCookies returns the CSRF token stored in the request cookie
// named m.CookieName, with surrounding whitespace trimmed. It returns the
// empty string when the cookie cannot be read from the request.
//
// The value comes straight from the client and is not validated here.
// NOTE(review): callers presumably compare it against a second copy of the
// token (header or form field); confirm that comparison is constant-time.
func (m *Middleware) getTokenFromCookies(r *http.Request) string {
	c, err := r.Cookie(m.CookieName)
	if err != nil {
		// A missing cookie is reported as "no token", not as an error.
		return ""
	}
	return strings.TrimSpace(c.Value)
}

// setTokenCookie writes the CSRF token to the response as a cookie named
// m.CookieName, scoped to the whole site (Path "/"). No Expires or MaxAge is
// set, so it is a session cookie that expires when the browser shuts down.
//
// SameSite and Secure are copied from the Middleware configuration.
// NOTE(review): browsers reject SameSite=None cookies that are not also
// Secure; confirm the configuration is validated elsewhere.
func (m *Middleware) setTokenCookie(w http.ResponseWriter, token string) {
	cookie := http.Cookie{
		Name:  m.CookieName,
		Value: token,
		Path:  "/",
		// Deliberately readable from JavaScript so client code can read the
		// token. The trade-off is that any script running on the origin,
		// including injected script, can read it too.
		HttpOnly: false,
		SameSite: m.SameSite,
		Secure:   m.Secure,
	}
	http.SetCookie(w, &cookie)
}