internal/handler/middleware/authenticate.go

@@ -3,6 +3,7 @@ package middleware
 import (
 	"context"
 	"net/http"
+	"strings"
 
 	"spend-sparrow/internal/service"
 	"spend-sparrow/internal/types"
@@ -16,6 +17,13 @@ var UserKey ContextKey = "user"
 func Authenticate(service service.Auth) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			ctx := r.Context()
+
+			if strings.Contains(r.URL.Path, "/static/") {
+				next.ServeHTTP(w, r.WithContext(ctx))
+				return
+			}
+
 			sessionId := getSessionID(r)
 			session, user, _ := service.SignInSession(r.Context(), sessionId)
 
@@ -33,7 +41,6 @@ func Authenticate(service service.Auth) func(http.Handler) http.Handler {
 				http.SetCookie(w, &cookie)
 			}
 
-			ctx := r.Context()
 			ctx = context.WithValue(ctx, UserKey, user)
 			ctx = context.WithValue(ctx, SessionKey, session)
 

internal/handler/middleware/cross_site_request_forgery.go

@@ -32,9 +32,15 @@ func (rr *csrfResponseWriter) Write(data []byte) (int, error) {
 func CrossSiteRequestForgery(auth service.Auth) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			session := GetSession(r)
 			ctx := r.Context()
 
+			if strings.Contains(r.URL.Path, "/static/") {
+				next.ServeHTTP(w, r.WithContext(ctx))
+				return
+			}
+
+			session := GetSession(r)
+
 			if r.Method == http.MethodPost ||
 				r.Method == http.MethodPut ||
 				r.Method == http.MethodDelete ||