From 8aeb284d3015448e00abb0971f2abdcc5909ad0a Mon Sep 17 00:00:00 2001
From: Tim Wundenberg
Date: Wed, 4 Dec 2024 23:15:40 +0100
Subject: [PATCH] tbs
---
 .../middleware/cross_site_request_forgery.go | 21 ++++++++++++++++++
 handler/middleware/user.go | 22 +++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 handler/middleware/cross_site_request_forgery.go
 create mode 100644 handler/middleware/user.go
diff --git a/handler/middleware/cross_site_request_forgery.go b/handler/middleware/cross_site_request_forgery.go
new file mode 100644
index 0000000..cc695a8
--- /dev/null
+++ b/handler/middleware/cross_site_request_forgery.go
@@ -0,0 +1,21 @@
+package middleware
+
+import "net/http"
+
+func CrossSiteRequestForgery() func(http.Handler) http.Handler {
+ return func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ if r.Method == "POST" {
+ // Check the CSRF token
+ csrfToken := r.Header.Get("X-CSRF-Token")
+ sessionToken := r.Header.Get("X-Session-Token")
+ if csrfToken != sessionToken {
+ http.Error(w, "CSRF token mismatch", http.StatusForbidden)
+ return
+ }
+ }
+
+ next.ServeHTTP(w, r)
+ })
+ }
+}
diff --git a/handler/middleware/user.go b/handler/middleware/user.go
new file mode 100644
index 0000000..edd720d
--- /dev/null
+++ b/handler/middleware/user.go
@@ -0,0 +1,22 @@
+package middleware
+
+import (
+ "me-fit/service"
+
+ "net/http"
+)
+
+func UserAuth(service *service.AuthService) func(http.Handler) http.Handler {
+ return func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ // Check the user is logged in
+ sessionToken := r.Header.Get("X-Session-Token")
+ if sessionToken == "" {
+ http.Error(w, "Unauthorized", http.StatusUnauthorized)
+ return
+ }
+
+ next.ServeHTTP(w, r)
+ })
+ }
+}
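Review bot: The mismatch check inside the `if r.Method == "POST"` block passes when neither header is sent, because `r.Header.Get` returns "" for a missing header and "" == "" — which is exactly what a plain cross-site form POST looks like, since it carries no custom headers. The check should reject an empty token explicitly, and the method test should cover the other state-changing methods (PUT, PATCH, DELETE) via the `http.Method*` constants rather than the literal "POST". Comparing two request headers to each other only demonstrates that the caller was able to set custom headers; the comment above the check should say so, and the token would ideally be validated against server-side session state instead (how sessions are stored is not visible in this diff). The rewritten block is below; the enclosing HandlerFunc and the trailing `next.ServeHTTP(w, r)` call are unchanged.
```go
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			switch r.Method {
			case http.MethodPost, http.MethodPut, http.MethodPatch, http.MethodDelete:
				// Both values are request headers, so equality only shows the
				// caller could set custom headers (a cross-site form cannot).
				// An absent pair must not pass as "" == "".
				csrfToken := r.Header.Get("X-CSRF-Token")
				sessionToken := r.Header.Get("X-Session-Token")
				if csrfToken == "" || csrfToken != sessionToken {
					http.Error(w, "CSRF token mismatch", http.StatusForbidden)
					return
				}
			}
			// … unchanged: next.ServeHTTP(w, r) …
```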
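Review bot: `UserAuth` takes `service *service.AuthService` but never reads it, so any non-empty `X-Session-Token` value is treated as a logged-in user before `next.ServeHTTP` is reached. The header should be validated through the AuthService (which method it exposes is not visible in this diff) and the request rejected with 401 when validation fails; the empty-string check is a reasonable first guard but provides no authentication on its own. The parameter also shadows the imported `service` package inside the function body, so renaming it, e.g. `func UserAuth(auth *service.AuthService) func(http.Handler) http.Handler {`, avoids confusion. The import block has its groups inverted: `"net/http"` belongs in the first (stdlib) group and `"me-fit/service"` in the second, which is what `goimports` would produce.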