package http

import (
	"net/http"

	"git.sharkk.net/Sky/Moonshark/core/logger"
	"git.sharkk.net/Sky/Moonshark/core/utils"
)

// HandleCSRFError handles a CSRF validation error
func HandleCSRFError(w http.ResponseWriter, r *http.Request, errorConfig utils.ErrorPageConfig) {
	logger.Warning("CSRF validation failed for %s %s", r.Method, r.URL.Path)

	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.WriteHeader(http.StatusForbidden)

	errorMsg := "Invalid or missing CSRF token. This could be due to an expired form or a cross-site request forgery attempt."
	errorHTML := utils.ForbiddenPage(errorConfig, r.URL.Path, errorMsg)
	w.Write([]byte(errorHTML))
}