package middleware

import (
	"github.com/gorilla/csrf"
	"picgo/configs"
)

func getSecure() (secure bool) {
	if configs.Settings.Server.Environment == "dev" {
		secure = false
	} else {
		secure = true
	}
	return
}

// CsrfMiddleware 设置CSRF保护
var CsrfMiddleware = csrf.Protect(
	[]byte(configs.Settings.Server.SessionsKey),
	csrf.Secure(getSecure()), // 在开发环境中禁用HTTPS
	csrf.RequestHeader("X-CSRF-Token"),
)