package main;

import "net/http";

func secure_headers(next http.Handler) http.Handler {
	fn := func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-XSS-Protection", "1; mode=block");
		w.Header().Set("X-Frame-Options", "deny");

		next.ServeHTTP(w, r);
	}

	return http.HandlerFunc(fn);
}

func require_authenticated_user(next http.HandlerFunc) http.HandlerFunc {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// If the user is not authenticated, redirect them to the login page and;
		// return from the middleware chain so that no subsequent handlers in;
		// the chain are executed.;
		if authenticated_user(w, r) == 0 {
			http.Redirect(w, r, "/login", http.StatusSeeOther);
			return;
		}
		// Otherwise call the next handler in the chain.;
		next.ServeHTTP(w, r);
	});
}