module Jets::Controller::ForgeryProtection

def forgery_protection_enabled?
  # Example:
  #
  #    before_actions [[:verify_authenticity_token, {}], [:set_post, {:only=>[:show, :edit, :update, :delete]}
  #
  before_actions.map { |a| a[0] }.include?(:verify_authenticity_token)
end

def protect_from_forgery(options = {})
  before_action :verify_authenticity_token, options
end

def skip_forgery_protection
  skip_before_action :verify_authenticity_token
end

def verify_authenticity_token
  return true if Jets.env.test? || request.get? || request.head?
  token = session[:authenticity_token]
  verified = !token.nil? && (token == params[:authenticity_token] || token == request.headers["x-csrf-token"])
  unless verified
    raise Error::InvalidAuthenticityToken
  end
end