x/spend-sparrow
2
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat(transaction): #87 add filter capabillities
All checks were successful
Build Docker Image / Build-Docker-Image (push) Successful in 4m30s
Details
Build and Push Docker Image / Build-And-Push-Docker-Image (push) Successful in 4m6s
Details

Browse Source
This commit was merged in pull request #106.
This commit is contained in:
Tim Wundenberg
2025-05-18 16:52:50 +02:00
parent 989a31afd1
commit 36e480f2ea
7 changed files with 198 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
handler/middleware/cross_site_request_forgery.go
View File

@@ -1,7 +1,6 @@
package middleware
import (
"fmt"
"net/http"
"strings"
@@ -29,8 +28,6 @@ func (rr *csrfResponseWriter) Write(data []byte) (int, error) {
dataStr := string(data)
csrfToken, err := rr.auth.GetCsrfToken(rr.session)
if err == nil {
csrfInput := fmt.Sprintf(`<input type="hidden" name="csrf-token" value="%s" />`, csrfToken)
dataStr = strings.ReplaceAll(dataStr, "</form>", csrfInput+"</form>")
dataStr = strings.ReplaceAll(dataStr, "CSRF_TOKEN", csrfToken)
}
@@ -48,10 +45,8 @@ func CrossSiteRequestForgery(auth service.Auth) func(http.Handler) http.Handler
r.Method == http.MethodDelete ||
r.Method == http.MethodPatch {
csrfToken := r.FormValue("csrf-token")
if csrfToken == "" {
csrfToken = r.Header.Get("csrf-token")
}
csrfToken := r.Header.Get("csrf-token")
if session == nil || csrfToken == "" || !auth.IsCsrfTokenValid(csrfToken, session.Id) {
log.Info("CSRF-Token \"%s\" not correct", csrfToken)
if r.Header.Get("HX-Request") == "true" {