This commit is contained in:
21
handler/middleware/cross_site_request_forgery.go
Normal file
21
handler/middleware/cross_site_request_forgery.go
Normal file
@@ -0,0 +1,21 @@
|
|||||||
|
package middleware
|
||||||
|
|
||||||
|
import "net/http"
|
||||||
|
|
||||||
|
func CrossSiteRequestForgery() func(http.Handler) http.Handler {
|
||||||
|
return func(next http.Handler) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if r.Method == "POST" {
|
||||||
|
// Check the CSRF token
|
||||||
|
csrfToken := r.Header.Get("X-CSRF-Token")
|
||||||
|
sessionToken := r.Header.Get("X-Session-Token")
|
||||||
|
if csrfToken != sessionToken {
|
||||||
|
http.Error(w, "CSRF token mismatch", http.StatusForbidden)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
22
handler/middleware/user.go
Normal file
22
handler/middleware/user.go
Normal file
@@ -0,0 +1,22 @@
|
|||||||
|
package middleware
|
||||||
|
|
||||||
|
import (
|
||||||
|
"me-fit/service"
|
||||||
|
|
||||||
|
"net/http"
|
||||||
|
)
|
||||||
|
|
||||||
|
func UserAuth(service *service.AuthService) func(http.Handler) http.Handler {
|
||||||
|
return func(next http.Handler) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
// Check the user is logged in
|
||||||
|
sessionToken := r.Header.Get("X-Session-Token")
|
||||||
|
if sessionToken == "" {
|
||||||
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user