<?php

namespace TwoFAS\TwoFAS\Http\Middleware;

use TwoFAS\TwoFAS\Helpers\Flash;
use TwoFAS\TwoFAS\Helpers\URL;
use TwoFAS\TwoFAS\Http\JSON_Response;
use TwoFAS\TwoFAS\Http\Redirection_Response;
use TwoFAS\TwoFAS\Http\Request;
use TwoFAS\TwoFAS\Http\View_Response;

class Check_Nonce extends Middleware {

	/**
	 * @var Request
	 */
	private $request;

	/**
	 * @var Flash
	 */
	private $flash;

	/**
	 * @var URL
	 */
	private $url;

	/**
	 * @param Request $request
	 * @param Flash   $flash
	 * @param URL     $url
	 */
	public function __construct( Request $request, Flash $flash, URL $url ) {
		$this->request = $request;
		$this->flash   = $flash;
		$this->url     = $url;
	}

	/**
	 * @return JSON_Response|Redirection_Response|View_Response
	 */
	public function handle() {
		$action = $this->request->action();
		$nonce  = $this->request->get_nonce();

		if ( $this->request->is_post() && ! $this->check( $nonce, $action ) ) {
			if ( $this->request->is_ajax() ) {
				return $this->json( array(
					'error' => 'Security token is invalid.',
				), 403 );
			}

			$this->flash->add_message( 'error', 'csrf' );

			return $this->redirection( $this->request->page(), $this->request->referer_action() );
		}

		return $this->next->handle();
	}

	/**
	 * @param string $nonce
	 * @param string $action
	 *
	 * @return bool
	 */
	private function check( $nonce, $action ) {
		return false !== wp_verify_nonce( $nonce, $action );
	}
}