module RuboCop
  module Cop
    module Paraxial
      # Reports `skip_before_action :verify_authenticity_token` in controller
      # files. Skipping that callback turns off Rails' CSRF token verification
      # for the actions it applies to, so every occurrence deserves a review.
      #
      # What is matched, exactly:
      # * the file path must contain the substring 'app/controllers';
      # * the call must be named `skip_before_action` (the receiver is not
      #   inspected);
      # * at least one argument must be a literal whose value is the symbol
      #   `:verify_authenticity_token`.
      #
      # The offense is added whether or not `only:` / `except:` options narrow
      # the skip, so a reviewer still has to judge the scope of each hit.
      #
      # NOTE(review): other ways of disabling the check (for example Rails'
      # `skip_forgery_protection`, or the callback name passed as a string)
      # are not matched here; confirm whether another cop covers them.
      class SkipAuthenticityToken < Base
        MSG = "CSRF, skip_before_action :verify_authenticity_token in controller."

        # Called for every method-call node in the file being inspected.
        #
        # @param node [RuboCop::AST::SendNode] the call under inspection
        def on_send(node)
          # Path test first, so files outside the controller tree are never
          # examined any further.
          add_offense(node) if in_controller_file? && csrf_check_skipped?(node)
        end

        private

        # True when the inspected file's path contains 'app/controllers'.
        # This is a plain substring match, not an anchored directory test.
        def in_controller_file?
          source_path = processed_source.file_path
          source_path.include?('app/controllers')
        end

        # True when +node+ is a `skip_before_action` call that lists
        # `:verify_authenticity_token` among its arguments.
        def csrf_check_skipped?(node)
          return false unless node.method_name == :skip_before_action

          node.arguments.any? do |argument|
            # Not every argument node exposes #value (a hash of options does
            # not), so probe for it before comparing.
            argument.respond_to?(:value) && argument.value == :verify_authenticity_token
          end
        end
      end
    end
  end
end