x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

tbs
Some checks failed
Build Docker Image / Build-Docker-Image (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Tim Wundenberg
2024-12-05 23:24:39 +01:00
parent 8aeb284d30
commit 3db73cb6e5
16 changed files with 228 additions and 181 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
handler/middleware/cross_site_request_forgery.go
View File

@@ -1,16 +1,20 @@
package middleware
import "net/http"
import (
"me-fit/service"
"net/http"
)
func CrossSiteRequestForgery() func(http.Handler) http.Handler {
func CrossSiteRequestForgery(auth *service.Auth) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// session := r.Context().Value(SessionKey)
if r.Method == "POST" {
// Check the CSRF token
csrfToken := r.Header.Get("X-CSRF-Token")
sessionToken := r.Header.Get("X-Session-Token")
if csrfToken != sessionToken {
http.Error(w, "CSRF token mismatch", http.StatusForbidden)
csrfToken := r.FormValue("csrf-token")
if csrfToken == "" {
http.Error(w, "", http.StatusForbidden)
return
}
}