feat(security): #286 use csrf token for delete request

2024-12-11 15:47:29 +01:00
parent 8cf2210aaf
commit 12d7c13b02
4 changed files with 82 additions and 87 deletions
--- a/handler/auth.go
+++ b/handler/auth.go
@@ -86,16 +86,7 @@ func (handler AuthImpl) handleSignIn() http.HandlerFunc {
 				return nil, err
 			}

-			cookie := http.Cookie{
-				Name:     "id",
-				Value:    session.Id,
-				MaxAge:   60 * 60 * 8, // 8 hours
-				Secure:   true,
-				HttpOnly: true,
-				SameSite: http.SameSiteStrictMode,
-				Path:     "/",
-			}
-
+			cookie := middleware.CreateSessionCookie(session.Id)
 			http.SetCookie(w, &cookie)

 			return session.User, nil