package middleware

import (
	"strings"

	"github.com/gin-gonic/gin"
)

// sensitiveNoStoreCacheControl is the Cache-Control value applied to
// responses that must never be stored by a browser or intermediary.
const sensitiveNoStoreCacheControl = "no-store, no-cache, must-revalidate, max-age=0"

// NoStoreSensitiveResponses prevents browser or intermediary caching for auth routes.
//
// For requests whose matched route (or, when no route matched, whose raw
// request path) starts with /api/v1/auth, it sets Cache-Control, Pragma,
// Expires and Surrogate-Control to their "do not store" values before
// handing off to the next handler. Because the headers are written before
// c.Next(), a downstream handler can still overwrite them.
func NoStoreSensitiveResponses() gin.HandlerFunc {
	return func(c *gin.Context) {
		if shouldDisableCaching(c.FullPath(), c.Request.URL.Path) {
			applyNoStoreHeaders(c)
		}
		c.Next()
	}
}

// applyNoStoreHeaders writes the full set of anti-caching headers onto the
// response for c. Surrogate-Control is included so CDN-style caches that
// honour it also refuse to store the response.
func applyNoStoreHeaders(c *gin.Context) {
	h := c.Writer.Header()
	for name, value := range map[string]string{
		"Cache-Control":     sensitiveNoStoreCacheControl,
		"Pragma":            "no-cache",
		"Expires":           "0",
		"Surrogate-Control": "no-store",
	} {
		h.Set(name, value)
	}
}

// shouldDisableCaching reports whether a response should carry no-store
// headers. routePath is the registered route pattern and takes precedence;
// requestPath is consulted only when routePath is blank after trimming
// whitespace (e.g. an unmatched route). The check is a plain prefix match,
// so sibling paths that merely begin with /api/v1/auth also qualify, which
// errs on the side of not caching.
func shouldDisableCaching(routePath, requestPath string) bool {
	const authPrefix = "/api/v1/auth"

	candidate := strings.TrimSpace(routePath)
	if len(candidate) == 0 {
		candidate = strings.TrimSpace(requestPath)
	}
	return strings.HasPrefix(candidate, authPrefix)
}