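using System;
using System.Linq;
using System.Net;
using System.Web.Helpers;
using System.Web.Mvc;

namespace Kreta.Web.Security
{
    /// <summary>
    /// Validates the anti-forgery token on AJAX calls. Only requests sent through
    /// Ajaxhelper.js carry the token, in the <c>X-Request-Verification-Token</c> header;
    /// the matching cookie half is read from the cookie named by
    /// <see cref="AntiForgeryConfig.CookieName"/>.
    /// Any request that cannot be validated — missing header, missing cookie, a missing
    /// request/header collection, or a pair that
    /// <see cref="AntiForgery.Validate(string, string)"/> rejects — is short-circuited
    /// with HTTP 403. The filter fails closed: it never lets a request through because
    /// the check could not run.
    /// </summary>
    /// <remarks>
    /// Derives from <see cref="AuthorizeAttribute"/> only to hook the authorization stage.
    /// <see cref="OnAuthorization"/> does not call the base implementation, so the
    /// <c>Users</c>/<c>Roles</c> properties of the base attribute are not enforced by
    /// this filter — combine it with a real <see cref="AuthorizeAttribute"/> when
    /// authentication is required.
    /// </remarks>
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
    public class MvcValidateAjaxAntiForgeryToken : AuthorizeAttribute
    {
        /// <summary>Header in which Ajaxhelper.js sends the request half of the token pair.</summary>
        private const string TokenHeaderName = "X-Request-Verification-Token";

        /// <summary>
        /// Rejects the request with 403 unless the header token and the cookie token form
        /// a valid anti-forgery pair.
        /// </summary>
        /// <param name="filterContext">The MVC authorization context of the current request.</param>
        /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is <c>null</c>.</exception>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            // Without a context there is nothing to deny on; throwing is the fail-closed
            // option (the original version silently returned and allowed the request).
            if (filterContext is null)
            {
                throw new ArgumentNullException(nameof(filterContext));
            }

            var request = filterContext.HttpContext?.Request;

            // Fail closed: if the request or its header collection is unavailable the
            // token cannot be checked, so the request must not proceed.
            if (request?.Headers is null)
            {
                filterContext.Result = Forbidden();
                return;
            }

            // GetValues returns null when the header is absent.
            var headerToken = request.Headers.GetValues(TokenHeaderName)?.FirstOrDefault();
            var cookieToken = request.Cookies[AntiForgeryConfig.CookieName];

            if (cookieToken is null || string.IsNullOrEmpty(headerToken))
            {
                filterContext.Result = Forbidden();
                return;
            }

            try
            {
                AntiForgery.Validate(cookieToken.Value, headerToken);
            }
            catch (Exception)
            {
                // Deliberately broad: an HttpAntiForgeryException is the expected failure,
                // but any other exception during validation must also deny the request
                // rather than let it through.
                filterContext.Result = Forbidden();
            }
        }

        /// <summary>The uniform 403 result returned for every validation failure.</summary>
        private static HttpStatusCodeResult Forbidden()
        {
            return new HttpStatusCodeResult(
                HttpStatusCode.Forbidden,
                Resources.ErrorResource.NincsJogaAzOldalMegtekintesehez);
        }
    }
}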