diff --git a/handler/auth.go b/handler/auth.go
index a5c9cd0..e027e1c 100644
--- a/handler/auth.go
+++ b/handler/auth.go
@@ -86,16 +86,7 @@ func (handler AuthImpl) handleSignIn() http.HandlerFunc {
return nil, err
}
- cookie := http.Cookie{
- Name: "id",
- Value: session.Id,
- MaxAge: 60 * 60 * 8, // 8 hours
- Secure: true,
- HttpOnly: true,
- SameSite: http.SameSiteStrictMode,
- Path: "/",
- }
-
+ cookie := middleware.CreateSessionCookie(session.Id)
http.SetCookie(w, &cookie)
return session.User, nil
diff --git a/handler/middleware/cross_site_request_forgery.go b/handler/middleware/cross_site_request_forgery.go
index eae2bc1..c8ed1a4 100644
--- a/handler/middleware/cross_site_request_forgery.go
+++ b/handler/middleware/cross_site_request_forgery.go
@@ -30,6 +30,7 @@ func (rr *csrfResponseWriter) Write(data []byte) (int, error) {
if err == nil {
csrfField := fmt.Sprintf(``, csrfToken)
dataStr = strings.ReplaceAll(dataStr, "", csrfField+"")
+ dataStr = strings.ReplaceAll(dataStr, "CSRF_TOKEN", csrfToken)
}
}
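Review bot: The added `strings.ReplaceAll(dataStr, "CSRF_TOKEN", csrfToken)` replaces a plain-word placeholder in every byte slice that passes through Write, so stored or reflected user text containing `CSRF_TOKEN` is rendered with the viewer's live token in its place. That matters wherever such text lands in a URL or other attribute that leaves the page. Passing the token to the templates through the request context, or restricting the substitution to HTML responses with a placeholder that only the templates emit, would narrow it. Substituting per Write call also misses a placeholder split across two writes, and the token is inserted unescaped, which is safe only if tokens always come from an HTML-safe alphabet. Neither can be confirmed here because Write starts and ends outside the hunk.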
@@ -52,30 +53,21 @@ func CrossSiteRequestForgery(auth service.Auth) func(http.Handler) http.Handler
r.Method == http.MethodPatch {
csrfToken := r.FormValue("csrf-token")
+ if csrfToken == "" {
+ csrfToken = r.Header.Get("csrf-token")
+ }
if csrfToken == "" || !auth.IsCsrfTokenValid(csrfToken, session.Id) {
http.Error(w, "", http.StatusForbidden)
return
}
}
- if session == nil {
- var err error
- session, err = auth.SignInAnonymous()
- if err != nil {
- http.Error(w, "", http.StatusInternalServerError)
- return
- }
+ if session == nil && (strings.Contains(r.RequestURI, "/auth/signup") || strings.Contains(r.RequestURI, "/auth/signin")) {
+ session, _ = auth.SignInAnonymous()
+
+ cookie := CreateSessionCookie(session.Id)
+ http.SetCookie(w, &cookie)
}
- cookie := http.Cookie{
- Name: "id",
- Value: session.Id,
- MaxAge: 60 * 60 * 8, // 8 hours
- Secure: true,
- HttpOnly: true,
- SameSite: http.SameSiteStrictMode,
- Path: "/",
- }
- http.SetCookie(w, &cookie)
responseWriter := newCsrfResponseWriter(w, auth, session)
next.ServeHTTP(responseWriter, r)
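Review bot: `session, _ = auth.SignInAnonymous()` drops the error that the removed code answered with a 500, and the next added line reads `session.Id`, so a failed anonymous sign-in presumably leaves `session` nil and panics the handler. The error check should be restored before the cookie is built. The route test applies `strings.Contains` to `r.RequestURI`, which includes the query string, so any URL carrying `/auth/signin` in a parameter also gets an anonymous session; matching on `r.URL.Path` is tighter. For all other routes `session` can now stay nil on the way into `newCsrfResponseWriter`, and `session.Id` in the token check above is evaluated before this block. Whether a nil guard exists is not visible, because the function starts and ends outside the hunk.

```go
if session == nil && (strings.Contains(r.URL.Path, "/auth/signup") || strings.Contains(r.URL.Path, "/auth/signin")) {
	var err error
	session, err = auth.SignInAnonymous()
	if err != nil {
		http.Error(w, "", http.StatusInternalServerError)
		return
	}
	// … unchanged: CreateSessionCookie + http.SetCookie …
}
```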
diff --git a/handler/middleware/default.go b/handler/middleware/default.go
new file mode 100644
index 0000000..0146fb5
--- /dev/null
+++ b/handler/middleware/default.go
@@ -0,0 +1,15 @@
+package middleware
+
+import "net/http"
+
+func CreateSessionCookie(sessionId string) http.Cookie {
+ return http.Cookie{
+ Name: "id",
+ Value: sessionId,
+ MaxAge: 60 * 60 * 8, // 8 hours
+ Secure: true,
+ HttpOnly: true,
+ SameSite: http.SameSiteStrictMode,
+ Path: "/",
+ }
+}
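Review bot: The exported `CreateSessionCookie` has no doc comment, although it is now the single place that fixes the session cookie's security attributes for both the sign-in handler and the CSRF middleware. I would add `// CreateSessionCookie returns the "id" session cookie: 8-hour MaxAge, Secure, HttpOnly, SameSite=Strict, Path "/".` above it, and state there that the 8-hour MaxAge is expected to agree with the server-side session lifetime, which is not visible in this diff. Go initialism style would also name the parameter `sessionID` rather than `sessionId`.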
diff --git a/template/workout/workout.templ b/template/workout/workout.templ
index c605663..a9bb397 100644
--- a/template/workout/workout.templ
+++ b/template/workout/workout.templ
@@ -1,73 +1,72 @@
package workout
templ WorkoutComp(currentDate string) {
-
-
-
-
+
+
+
+
}
type Workout struct {
- Id string
- Date string
- Type string
- Sets string
- Reps string
+Id string
+Date string
+Type string
+Sets string
+Reps string
}
templ WorkoutListComp(workouts []Workout) {
-
-
Workout history
-
-
-
- | Date |
- Type |
- Sets |
- Reps |
- |
-
-
+
+
Workout history
+
+
+
+ | Date |
+ Type |
+ Sets |
+ Reps |
+ |
+
+
+
-
+
+
+
}
templ WorkoutItemComp(w Workout, includePlaceholder bool) {
- if includePlaceholder {
-
- }
-
- | { w.Date } |
- { w.Type } |
- { w.Sets } |
- { w.Reps } |
-
-
-
-
- |
-
+if includePlaceholder {
+
+}
+
+ | { w.Date } |
+ { w.Type } |
+ { w.Sets } |
+ { w.Reps } |
+
+
+
+
+ |
+
}