x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

feat(security): #286 first try on csrf
Some checks failed
Build Docker Image / Build-Docker-Image (push) Failing after 38s
Details

Browse Source
This commit is contained in:
Tim Wundenberg
2024-12-06 22:42:23 +01:00
parent ed05b99deb
commit 61fe5e64bb
5 changed files with 52 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
service/auth.go
View File

@@ -71,7 +71,7 @@ type Auth interface {
SendForgotPasswordMail(email string) error
ForgotPassword(token string, newPass string) error
IsCsrfTokenValid(tokenStr string, userId uuid.UUID) bool
IsCsrfTokenValid(tokenStr string, sessionId string) bool
GetCsrfToken(session *Session) (string, error)
}
@@ -394,14 +394,14 @@ func (service AuthImpl) ForgotPassword(tokenStr string, newPass string) error {
return nil
}
func (service AuthImpl) IsCsrfTokenValid(tokenStr string, userId uuid.UUID) bool {
func (service AuthImpl) IsCsrfTokenValid(tokenStr string, sessionId string) bool {
token, err := service.db.GetToken(tokenStr)
if err != nil {
return false
}
if token.Type != db.TokenTypeCsrf ||
token.UserId != userId ||
token.SessionId != sessionId ||
token.ExpiresAt.Before(service.clock.Now()) {
return false