package main

import (
	"embed"
	"html/template"
	"log"
	"net/http"
)

func securityHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Frame-Options", "DENY")
		w.Header().Set("X-Content-Type-Options", "nosniff")
		w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
		w.Header().Set("Content-Security-Policy", "default-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' https://stackpath.bootstrapcdn.com; style-src 'self' 'sha256-W6z8OR2iqpPyNGe72eRXH58H75H3UVJDuwHoKA6pX98=' https://stackpath.bootstrapcdn.com; img-src 'self'; font-src https://stackpath.bootstrapcdn.com; worker-src blob:")
		if !devMode {
			w.Header().Set("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
		}
		next.ServeHTTP(w, r)
	})
}

//go:embed all:static
var assets embed.FS

func displayTmpl(w http.ResponseWriter, page string, vars map[string]any) {
	data, err := assets.ReadFile("static/" + page)
	if err != nil {
		log.Fatalf("Unable to find %q: %s", page, err.Error())
	}

	footer, err := assets.ReadFile("static/footer.html")
	if err != nil {
		log.Fatalf("Unable to find %q: %s", "footer.html", err.Error())
	}

	header, err := assets.ReadFile("static/header.html")
	if err != nil {
		log.Fatalf("Unable to find %q: %s", "header.html", err.Error())
	}

	tpl := template.Must(template.New("page").Parse(string(data)))
	tpl.New("footer.html").Parse(string(footer))
	tpl.New("header.html").Parse(string(header))
	tpl.ExecuteTemplate(w, "page", vars)
}

func displayTmplError(w http.ResponseWriter, statusCode int, page string, vars map[string]any) {
	w.WriteHeader(statusCode)
	displayTmpl(w, page, vars)
}

func displayMsg(w http.ResponseWriter, msg string, statusCode int) {
	w.WriteHeader(statusCode)

	label := "error"
	if statusCode < 400 {
		label = "message"
	}

	displayTmpl(w, "message.html", map[string]any{label: msg})
}