x/spend-sparrow
2
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

fix: lint errors
All checks were successful
Build Docker Image / Build-Docker-Image (push) Successful in 5m22s
Details
Build and Push Docker Image / Build-And-Push-Docker-Image (push) Successful in 5m26s
Details

Browse Source
This commit was merged in pull request #130.
This commit is contained in:
Tim Wundenberg
2025-05-25 16:36:30 +02:00
parent 2ba5ddd9f2
commit 128a2fc4d7
36 changed files with 1024 additions and 968 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
handler/middleware/cross_site_request_forgery.go
View File

@@ -37,19 +37,17 @@ func (rr *csrfResponseWriter) Write(data []byte) (int, error) {
func CrossSiteRequestForgery(auth service.Auth) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session := GetSession(r)
if r.Method == http.MethodPost ||
r.Method == http.MethodPut ||
r.Method == http.MethodDelete ||
r.Method == http.MethodPatch {
csrfToken := r.Header.Get("csrf-token")
csrfToken := r.Header.Get("Csrf-Token")
if session == nil || csrfToken == "" || !auth.IsCsrfTokenValid(csrfToken, session.Id) {
log.Info("CSRF-Token \"%s\" not correct", csrfToken)
if r.Header.Get("HX-Request") == "true" {
if r.Header.Get("Hx-Request") == "true" {
utils.TriggerToastWithStatus(w, r, "error", "CSRF-Token not correct", http.StatusBadRequest)
} else {
http.Error(w, "CSRF-Token not correct", http.StatusBadRequest)