x/spend-sparrow
2
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat(observabillity): #153 instrument sqlx
All checks were successful
Build Docker Image / Build-Docker-Image (push) Successful in 2m29s
Details
Build and Push Docker Image / Build-And-Push-Docker-Image (push) Successful in 2m49s
Details

Browse Source
This commit was merged in pull request #160.
This commit is contained in:
Tim Wundenberg
2025-06-07 21:55:59 +02:00
parent c4aca2778f
commit 11f3bcc89f
25 changed files with 434 additions and 409 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
internal/handler/middleware/cross_site_request_forgery.go
View File

@@ -4,30 +4,26 @@ import (
"log/slog"
"net/http"
"spend-sparrow/internal/service"
"spend-sparrow/internal/types"
"spend-sparrow/internal/utils"
"strings"
)
type csrfResponseWriter struct {
http.ResponseWriter
auth service.Auth
session *types.Session
csrfToken string
}
func newCsrfResponseWriter(w http.ResponseWriter, auth service.Auth, session *types.Session) *csrfResponseWriter {
func newCsrfResponseWriter(w http.ResponseWriter, csrfToken string) *csrfResponseWriter {
return &csrfResponseWriter{
ResponseWriter: w,
auth: auth,
session: session,
csrfToken: csrfToken,
}
}
func (rr *csrfResponseWriter) Write(data []byte) (int, error) {
dataStr := string(data)
csrfToken, err := rr.auth.GetCsrfToken(rr.session)
if err == nil {
dataStr = strings.ReplaceAll(dataStr, "CSRF_TOKEN", csrfToken)
if rr.csrfToken != "" {
dataStr = strings.ReplaceAll(dataStr, "CSRF_TOKEN", rr.csrfToken)
}
return rr.ResponseWriter.Write([]byte(dataStr))
@@ -37,6 +33,7 @@ func CrossSiteRequestForgery(auth service.Auth) func(http.Handler) http.Handler
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session := GetSession(r)
ctx := r.Context()
if r.Method == http.MethodPost ||
r.Method == http.MethodPut ||
@@ -44,7 +41,7 @@ func CrossSiteRequestForgery(auth service.Auth) func(http.Handler) http.Handler
r.Method == http.MethodPatch {
csrfToken := r.Header.Get("Csrf-Token")
if session == nil || csrfToken == "" || !auth.IsCsrfTokenValid(csrfToken, session.Id) {
if session == nil || csrfToken == "" || !auth.IsCsrfTokenValid(ctx, csrfToken, session.Id) {
slog.Info("CSRF-Token not correct", "token", csrfToken)
if r.Header.Get("Hx-Request") == "true" {
utils.TriggerToastWithStatus(w, r, "error", "CSRF-Token not correct", http.StatusBadRequest)
@@ -55,7 +52,17 @@ func CrossSiteRequestForgery(auth service.Auth) func(http.Handler) http.Handler
}
}
responseWriter := newCsrfResponseWriter(w, auth, session)
token, err := auth.GetCsrfToken(ctx, session)
if err != nil {
if r.Header.Get("Hx-Request") == "true" {
utils.TriggerToastWithStatus(w, r, "error", "Could not generate CSRF Token", http.StatusBadRequest)
} else {
http.Error(w, "Could not generate CSRF Token", http.StatusBadRequest)
}
return
}
responseWriter := newCsrfResponseWriter(w, token)
next.ServeHTTP(responseWriter, r)
})
}