// Package serve provides HTTP helpers for recording and requiring visitor
// consent by means of a cookie.
package serve

import (
	"net/http"
	"time"
)

// cookieName is the name of the consent cookie. The "__Host-" prefix makes
// browsers accept the cookie only when it is set with Secure, Path=/ and no
// Domain attribute, so it stays bound to the exact host that issued it.
const cookieName = "__Host-consent-v1"

// cookieFailed is the plain-text body sent with the 403 response when a
// request arrives without the consent cookie.
const cookieFailed = ` The requested resource requires consent to processing identifying information and storing necessary cookies. I'm just a lil guy. The information is used solely for providing the service's functionality. `

// SetConsent registers a consent cookie on the response.
//
// The cookie is Secure, HttpOnly and SameSite=Lax, with Path "/" and no
// Domain, which satisfies the "__Host-" prefix requirements.
func SetConsent(w http.ResponseWriter) {
	// Requested lifetime of about twenty years. Browsers may clamp cookie
	// lifetimes to a much shorter period, so the cookie can still expire
	// sooner and the visitor may be asked for consent again.
	const lifetime = 20 * 365 * 24 * time.Hour

	consent := http.Cookie{
		Name:     cookieName,
		Value:    "given",
		Expires:  time.Now().Add(lifetime),
		Path:     "/",
		Secure:   true,
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	}
	http.SetCookie(w, &consent)
}

// NeedsConsent is a middleware that immediately responds with a 403 if the
// request does not bear a consent cookie.
//
// Only the presence of the cookie is checked; its value is not inspected.
// The cookie is supplied by the client, so this is a consent gate and not an
// authentication or authorization control.
func NeedsConsent(next http.Handler) http.Handler {
	gate := func(w http.ResponseWriter, r *http.Request) {
		_, err := r.Cookie(cookieName)
		if err == nil {
			next.ServeHTTP(w, r)
			return
		}
		// No cookie with the expected name: refuse before the wrapped
		// handler runs.
		http.Error(w, cookieFailed, http.StatusForbidden)
	}
	return http.HandlerFunc(gate)
}