/*globals define*/

define('ep/inject-sec-token', [
    'jquery',
    'ep',

    'jquery/cookie',
    '$ready!'
], function ($, ep) {
    'use strict';

    /**
     * Inject a security token into a html form (csrf)
     * @param  {Object}  options    Optional options
     * @param  {String}  tokenName  Cookie to retrieve (also used as input name).
     * @param  {String}  selector   Form to inject the cookie into
     * @param  {String}  link       Selector for links to inject the cookie into
     */
    ep.injectSecToken = function (options) {
        var defaults = {
                tokenName: 'SecToken',
                selector: 'form[method="post"]',
                link: 'a'
            },
            cookies = $.cookie(),

            appendSecToken = function (form) {
                if (cookies[defaults.tokenName] && form.find("input[name='" + defaults.tokenName + "']").length === 0) {
                    form.append('<input type="hidden" name="' + defaults.tokenName + '" value="' + cookies[defaults.tokenName] + '" />');
                }
            },

            appendSecTokenToLink = function (link) {
                var href = link.attr('href');

                if (href && (href.search(/ChangeAction/i) > -1) && cookies[defaults.tokenName] && (href.search(new RegExp(defaults.tokenName)) === -1)) {
                    href += ((href.search(/\?/) === -1) ? "?" : "&") + defaults.tokenName + "=" + cookies[defaults.tokenName];
                    link.attr('href', href);
                }
            };

        $.extend(defaults, options);

        // forms
        $(defaults.selector).each(function () {
            appendSecToken($(this));
        });

        // links
        $(defaults.link).each(function () {
            appendSecTokenToLink($(this));
        });

        // handle submit event
        $(document).on('submit', defaults.selector, function () {
            appendSecToken($(this));
        });

        // handle click event
        $(document).on('click', defaults.link, function () {
            appendSecTokenToLink($(this));
        });
    };

    return ep;
});