From c9e0188b6089a9c376307894e4174300740403ed Mon Sep 17 00:00:00 2001
From: Tim Wundenberg <tim@wundenbergs.de>
Date: Sun, 8 Dec 2024 15:10:36 +0100
Subject: [PATCH] feat(security): #286 anonymous sign in for csrf token on
 login form

---
 .../middleware/cross_site_request_forgery.go  |  26 +-
 output.log                                    | 685 ++++++++++++++++++
 service/auth.go                               |  14 +
 3 files changed, 722 insertions(+), 3 deletions(-)
 create mode 100644 output.log

diff --git a/handler/middleware/cross_site_request_forgery.go b/handler/middleware/cross_site_request_forgery.go
index 2edbaa9..920e568 100644
--- a/handler/middleware/cross_site_request_forgery.go
+++ b/handler/middleware/cross_site_request_forgery.go
@@ -22,9 +22,6 @@ func newCsrfResponseWriter(w http.ResponseWriter, auth service.Auth, session *se
 	}
 }
 
-
-TODO: Create session for CSRF token
-
 func (rr *csrfResponseWriter) Write(data []byte) (int, error) {
 	dataStr := string(data)
 	if strings.Contains(dataStr, "</form>") {
@@ -38,6 +35,10 @@ func (rr *csrfResponseWriter) Write(data []byte) (int, error) {
 	return rr.ResponseWriter.Write([]byte(dataStr))
 }
 
+func (rr *csrfResponseWriter) WriteHeader(statusCode int) {
+	rr.ResponseWriter.WriteHeader(statusCode)
+}
+
 func CrossSiteRequestForgery(auth service.Auth) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -56,6 +57,25 @@ func CrossSiteRequestForgery(auth service.Auth) func(http.Handler) http.Handler
 				}
 			}
 
+			if session == nil {
+				var err error
+				session, err = auth.SignInAnonymous()
+				if err != nil {
+					http.Error(w, "", http.StatusInternalServerError)
+					return
+				}
+			}
+			cookie := http.Cookie{
+				Name:     "id",
+				Value:    session.Id,
+				MaxAge:   60 * 60 * 8, // 8 hours
+				Secure:   true,
+				HttpOnly: true,
+				SameSite: http.SameSiteStrictMode,
+				Path:     "/",
+			}
+			http.SetCookie(w, &cookie)
+
 			responseWriter := newCsrfResponseWriter(w, auth, session)
 			next.ServeHTTP(responseWriter, r)
 		})
diff --git a/output.log b/output.log
new file mode 100644
index 0000000..186f6f6
--- /dev/null
+++ b/output.log
@@ -0,0 +1,685 @@
+2024/12/08 14:05:48 INFO Starting server...
+2024/12/08 14:05:48 INFO BASE_URL is "http://localhost:8080"
+2024/12/08 14:05:48 INFO ENVIRONMENT is "local"
+2024/12/08 14:05:48 INFO Starting server on ":8080"
+2024/12/08 14:05:52 http: panic serving 127.0.0.1:48440: runtime error: invalid memory address or nil pointer dereference
+goroutine 41 [running]:
+net/http.(*conn).serve.func1()
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
+panic({0x954920?, 0xd829f0?})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
+me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
+	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
+me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc00014acc0, {0xc000317000?, 0xc0001164f8?, 0xc00014ad20?})
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
+bufio.(*Writer).Flush(0xc00013a4c0)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
+github.com/a-h/templ/runtime.(*Buffer).Flush(0xc0001164f8)
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
+github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc0001164f8})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
+me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
+	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
+me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc000160cd0?}, {0x7fdfb1435998?, 0xc00014acc0?}})
+	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
+me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc000160cd0?}, {0x7fdfb1435998?, 0xc00014acc0?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
+github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc000160cd0?}, {0x7fdfb1435998?, 0xc00014acc0?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
+me-fit/handler.(*Render).Render(0xc0001264e0?, 0xc000187598?, {0xa969f0, 0xc00014acc0}, {0xa93760?, 0xc000126500?})
+	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
+me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000318000, {0xa969f0, 0xc00014acc0}, {0xa93760, 0xc0001264e0}, 0x7fdfb1431ea8?)
+	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
+me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc00014acc0}, 0xc000318000)
+	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
+net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc00014acc0?}, 0xc000187688?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc00014acc0}, 0xc000318000)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
+me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc00014acc0}, 0xc000318000)
+	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc00014acc0?}, 0x1c?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc00014acc0}, 0xc000318000)
+	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc00014acc0?}, 0xc0001600a0?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc0001164c8}, 0xc000318000)
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
+net/http.HandlerFunc.ServeHTTP(0xc00014ac30?, {0xa96a20?, 0xc0001164c8?}, 0x9ddfd8?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Cors.func2.1({0xa96a20, 0xc0001164c8}, 0xc000318000)
+	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc0001164c8?}, 0x17?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc0001164c8}, 0xc000318000)
+	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
+net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc0001164c8?}, 0xd2b1243e00000003?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00017c0e0}, 0xc000318000)
+	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
+net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00017c0e0?}, 0x446920?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Wrapper.func4({0xa96b70, 0xc00017c0e0}, 0xc000318000)
+	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
+net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00017c0e0?}, 0xc000187b70?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.serverHandler.ServeHTTP({0xc00014ab40?}, {0xa96b70?, 0xc00017c0e0?}, 0x6?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
+net/http.(*conn).serve(0xc00015e1b0, {0xa97328, 0xc00014aa50})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
+created by net/http.(*Server).Serve in goroutine 38
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
+2024/12/08 14:05:52 http: panic serving 127.0.0.1:48450: runtime error: invalid memory address or nil pointer dereference
+goroutine 21 [running]:
+net/http.(*conn).serve.func1()
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
+panic({0x954920?, 0xd829f0?})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
+me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
+	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
+me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc0002202d0, {0xc00025c000?, 0xc000206150?, 0xc000220330?})
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
+bufio.(*Writer).Flush(0xc00021a140)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
+github.com/a-h/templ/runtime.(*Buffer).Flush(0xc000206150)
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
+github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc000206150})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
+me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
+	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
+me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc00021e0f0?}, {0x7fdfb1435998?, 0xc0002202d0?}})
+	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
+me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc00021e0f0?}, {0x7fdfb1435998?, 0xc0002202d0?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
+github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc00021e0f0?}, {0x7fdfb1435998?, 0xc0002202d0?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
+me-fit/handler.(*Render).Render(0xa97360?, 0xc000183598?, {0xa969f0, 0xc0002202d0}, {0xa93760?, 0xc000218110?})
+	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
+me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000244000, {0xa969f0, 0xc0002202d0}, {0xa93760, 0xc0002180f0}, 0x7fdfb1489958?)
+	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
+me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc0002202d0}, 0xc000244000)
+	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
+net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc0002202d0?}, 0xc00023e688?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc0002202d0}, 0xc000244000)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
+me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc0002202d0}, 0xc000244000)
+	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc0002202d0?}, 0x1c?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc0002202d0}, 0xc000244000)
+	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc0002202d0?}, 0xc0001600a0?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc000206120}, 0xc000244000)
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
+net/http.HandlerFunc.ServeHTTP(0xc000220240?, {0xa96a20?, 0xc000206120?}, 0x9ddfd8?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Cors.func2.1({0xa96a20, 0xc000206120}, 0xc000244000)
+	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc000206120?}, 0x17?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc000206120}, 0xc000244000)
+	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
+net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc000206120?}, 0x2adb28e700000003?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00024c000}, 0xc000244000)
+	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
+net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00024c000?}, 0x446920?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Wrapper.func4({0xa96b70, 0xc00024c000}, 0xc000244000)
+	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
+net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00024c000?}, 0xc00023eb70?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.serverHandler.ServeHTTP({0xc000220180?}, {0xa96b70?, 0xc00024c000?}, 0x6?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
+net/http.(*conn).serve(0xc000238000, {0xa97328, 0xc00014aa50})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
+created by net/http.(*Server).Serve in goroutine 38
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
+2024/12/08 14:05:52 http: panic serving 127.0.0.1:48460: runtime error: invalid memory address or nil pointer dereference
+goroutine 23 [running]:
+net/http.(*conn).serve.func1()
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
+panic({0x954920?, 0xd829f0?})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
+me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
+	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
+me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc000220510, {0xc00025d000?, 0xc000206210?, 0xc000220570?})
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
+bufio.(*Writer).Flush(0xc00021a240)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
+github.com/a-h/templ/runtime.(*Buffer).Flush(0xc000206210)
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
+github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc000206210})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
+me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
+	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
+me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc00021e1e0?}, {0x7fdfb1435998?, 0xc000220510?}})
+	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
+me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc00021e1e0?}, {0x7fdfb1435998?, 0xc000220510?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
+github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc00021e1e0?}, {0x7fdfb1435998?, 0xc000220510?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
+me-fit/handler.(*Render).Render(0xa97360?, 0xc000183598?, {0xa969f0, 0xc000220510}, {0xa93760?, 0xc000218200?})
+	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
+me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000244140, {0xa969f0, 0xc000220510}, {0xa93760, 0xc0002181e0}, 0x7fdfb1489958?)
+	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
+me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc000220510}, 0xc000244140)
+	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
+net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc000220510?}, 0xc00023e688?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc000220510}, 0xc000244140)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
+me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc000220510}, 0xc000244140)
+	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc000220510?}, 0x1c?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc000220510}, 0xc000244140)
+	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc000220510?}, 0xc0001600a0?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc0002061e0}, 0xc000244140)
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
+net/http.HandlerFunc.ServeHTTP(0xc000220480?, {0xa96a20?, 0xc0002061e0?}, 0x9ddfd8?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Cors.func2.1({0xa96a20, 0xc0002061e0}, 0xc000244140)
+	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc0002061e0?}, 0x17?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc0002061e0}, 0xc000244140)
+	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
+net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc0002061e0?}, 0x7a75ac3900000003?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00024c0e0}, 0xc000244140)
+	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
+net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00024c0e0?}, 0x446920?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Wrapper.func4({0xa96b70, 0xc00024c0e0}, 0xc000244140)
+	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
+net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00024c0e0?}, 0xc00023eb70?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.serverHandler.ServeHTTP({0xc0002203f0?}, {0xa96b70?, 0xc00024c0e0?}, 0x6?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
+net/http.(*conn).serve(0xc0002381b0, {0xa97328, 0xc00014aa50})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
+created by net/http.(*Server).Serve in goroutine 38
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
+2024/12/08 14:05:52 http: panic serving 127.0.0.1:48468: runtime error: invalid memory address or nil pointer dereference
+goroutine 50 [running]:
+net/http.(*conn).serve.func1()
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
+panic({0x954920?, 0xd829f0?})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
+me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
+	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
+me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc0002861e0, {0xc0002c4000?, 0xc0002ac078?, 0xc000286240?})
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
+bufio.(*Writer).Flush(0xc000296100)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
+github.com/a-h/templ/runtime.(*Buffer).Flush(0xc0002ac078)
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
+github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc0002ac078})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
+me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
+	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
+me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc000290050?}, {0x7fdfb1435998?, 0xc0002861e0?}})
+	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
+me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc000290050?}, {0x7fdfb1435998?, 0xc0002861e0?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
+github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc000290050?}, {0x7fdfb1435998?, 0xc0002861e0?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
+me-fit/handler.(*Render).Render(0xc0002920b0?, 0xc0002c1598?, {0xa969f0, 0xc0002861e0}, {0xa93760?, 0xc0002920d0?})
+	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
+me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000298000, {0xa969f0, 0xc0002861e0}, {0xa93760, 0xc0002920b0}, 0x7fdf6837c908?)
+	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
+me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc0002861e0}, 0xc000298000)
+	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
+net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc0002861e0?}, 0xc00023a688?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc0002861e0}, 0xc000298000)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
+me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc0002861e0}, 0xc000298000)
+	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc0002861e0?}, 0x1c?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc0002861e0}, 0xc000298000)
+	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc0002861e0?}, 0xc0001600a0?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc0002ac048}, 0xc000298000)
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
+net/http.HandlerFunc.ServeHTTP(0xc000286150?, {0xa96a20?, 0xc0002ac048?}, 0x9ddfd8?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Cors.func2.1({0xa96a20, 0xc0002ac048}, 0xc000298000)
+	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc0002ac048?}, 0x17?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc0002ac048}, 0xc000298000)
+	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
+net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc0002ac048?}, 0xd6290e4300000003?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Log.func1({0xa96b70, 0xc0002a6000}, 0xc000298000)
+	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
+net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc0002a6000?}, 0x446920?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Wrapper.func4({0xa96b70, 0xc0002a6000}, 0xc000298000)
+	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
+net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc0002a6000?}, 0xc00023ab70?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.serverHandler.ServeHTTP({0xc000286090?}, {0xa96b70?, 0xc0002a6000?}, 0x6?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
+net/http.(*conn).serve(0xc00028a000, {0xa97328, 0xc00014aa50})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
+created by net/http.(*Server).Serve in goroutine 38
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
+2024/12/08 14:05:52 http: panic serving 127.0.0.1:48470: runtime error: invalid memory address or nil pointer dereference
+goroutine 52 [running]:
+net/http.(*conn).serve.func1()
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
+panic({0x954920?, 0xd829f0?})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
+me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
+	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
+me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc000286420, {0xc0002c5000?, 0xc0002ac138?, 0xc000286480?})
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
+bufio.(*Writer).Flush(0xc000296200)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
+github.com/a-h/templ/runtime.(*Buffer).Flush(0xc0002ac138)
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
+github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc0002ac138})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
+me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
+	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
+me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc000290140?}, {0x7fdfb1435998?, 0xc000286420?}})
+	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
+me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc000290140?}, {0x7fdfb1435998?, 0xc000286420?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
+github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc000290140?}, {0x7fdfb1435998?, 0xc000286420?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
+me-fit/handler.(*Render).Render(0xc0002921a0?, 0xc0002c1598?, {0xa969f0, 0xc000286420}, {0xa93760?, 0xc0002921c0?})
+	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
+me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000298140, {0xa969f0, 0xc000286420}, {0xa93760, 0xc0002921a0}, 0x7fdf6837c908?)
+	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
+me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc000286420}, 0xc000298140)
+	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
+net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc000286420?}, 0xc00023a688?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc000286420}, 0xc000298140)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
+me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc000286420}, 0xc000298140)
+	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc000286420?}, 0x1c?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc000286420}, 0xc000298140)
+	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc000286420?}, 0xc0001600a0?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc0002ac108}, 0xc000298140)
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
+net/http.HandlerFunc.ServeHTTP(0xc000286390?, {0xa96a20?, 0xc0002ac108?}, 0x9ddfd8?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Cors.func2.1({0xa96a20, 0xc0002ac108}, 0xc000298140)
+	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc0002ac108?}, 0x17?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc0002ac108}, 0xc000298140)
+	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
+net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc0002ac108?}, 0xd2f9999c00000003?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Log.func1({0xa96b70, 0xc0002a60e0}, 0xc000298140)
+	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
+net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc0002a60e0?}, 0x446920?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Wrapper.func4({0xa96b70, 0xc0002a60e0}, 0xc000298140)
+	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
+net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc0002a60e0?}, 0xc00023ab70?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.serverHandler.ServeHTTP({0xc000286300?}, {0xa96b70?, 0xc0002a60e0?}, 0x6?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
+net/http.(*conn).serve(0xc00028a1b0, {0xa97328, 0xc00014aa50})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
+created by net/http.(*Server).Serve in goroutine 38
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
+2024/12/08 14:05:52 http: panic serving 127.0.0.1:48472: runtime error: invalid memory address or nil pointer dereference
+goroutine 54 [running]:
+net/http.(*conn).serve.func1()
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
+panic({0x954920?, 0xd829f0?})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
+me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
+	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
+me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc000286660, {0xc0002f4000?, 0xc0002ac1e0?, 0xc0002866c0?})
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
+bufio.(*Writer).Flush(0xc000296300)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
+github.com/a-h/templ/runtime.(*Buffer).Flush(0xc0002ac1e0)
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
+github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc0002ac1e0})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
+me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
+	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
+me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc000290230?}, {0x7fdfb1435998?, 0xc000286660?}})
+	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
+me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc000290230?}, {0x7fdfb1435998?, 0xc000286660?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
+github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc000290230?}, {0x7fdfb1435998?, 0xc000286660?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
+me-fit/handler.(*Render).Render(0xc000292290?, 0xc0002c1598?, {0xa969f0, 0xc000286660}, {0xa93760?, 0xc0002922b0?})
+	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
+me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000298280, {0xa969f0, 0xc000286660}, {0xa93760, 0xc000292290}, 0x7fdf6837c908?)
+	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
+me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc000286660}, 0xc000298280)
+	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
+net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc000286660?}, 0xc00023a688?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc000286660}, 0xc000298280)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
+me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc000286660}, 0xc000298280)
+	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc000286660?}, 0x1c?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc000286660}, 0xc000298280)
+	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc000286660?}, 0xc0001600a0?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc0002ac1b0}, 0xc000298280)
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
+net/http.HandlerFunc.ServeHTTP(0xc0002865d0?, {0xa96a20?, 0xc0002ac1b0?}, 0x9ddfd8?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Cors.func2.1({0xa96a20, 0xc0002ac1b0}, 0xc000298280)
+	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc0002ac1b0?}, 0x17?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc0002ac1b0}, 0xc000298280)
+	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
+net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc0002ac1b0?}, 0xa901b9c100000003?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Log.func1({0xa96b70, 0xc0002a61c0}, 0xc000298280)
+	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
+net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc0002a61c0?}, 0x446920?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Wrapper.func4({0xa96b70, 0xc0002a61c0}, 0xc000298280)
+	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
+net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc0002a61c0?}, 0xc00023ab70?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.serverHandler.ServeHTTP({0xc000286540?}, {0xa96b70?, 0xc0002a61c0?}, 0x6?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
+net/http.(*conn).serve(0xc00028a360, {0xa97328, 0xc00014aa50})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
+created by net/http.(*Server).Serve in goroutine 38
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
+2024/12/08 14:05:52 http: panic serving 127.0.0.1:48484: runtime error: invalid memory address or nil pointer dereference
+goroutine 56 [running]:
+net/http.(*conn).serve.func1()
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
+panic({0x954920?, 0xd829f0?})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
+me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
+	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
+me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc0002206f0, {0xc00027c000?, 0xc0002062b8?, 0xc000220750?})
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
+bufio.(*Writer).Flush(0xc00021a340)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
+github.com/a-h/templ/runtime.(*Buffer).Flush(0xc0002062b8)
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
+github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc0002062b8})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
+me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
+	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
+me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc00021e2d0?}, {0x7fdfb1435998?, 0xc0002206f0?}})
+	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
+me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc00021e2d0?}, {0x7fdfb1435998?, 0xc0002206f0?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
+github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc00021e2d0?}, {0x7fdfb1435998?, 0xc0002206f0?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
+me-fit/handler.(*Render).Render(0xa97360?, 0xc000183598?, {0xa969f0, 0xc0002206f0}, {0xa93760?, 0xc0002182f0?})
+	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
+me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000244280, {0xa969f0, 0xc0002206f0}, {0xa93760, 0xc0002182d0}, 0x7fdfb1489958?)
+	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
+me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc0002206f0}, 0xc000244280)
+	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
+net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc0002206f0?}, 0xc00023e688?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc0002206f0}, 0xc000244280)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
+me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc0002206f0}, 0xc000244280)
+	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc0002206f0?}, 0x1c?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc0002206f0}, 0xc000244280)
+	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc0002206f0?}, 0xc0001600a0?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc000206288}, 0xc000244280)
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
+net/http.HandlerFunc.ServeHTTP(0xc000220660?, {0xa96a20?, 0xc000206288?}, 0x9ddfd8?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Cors.func2.1({0xa96a20, 0xc000206288}, 0xc000244280)
+	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc000206288?}, 0x17?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc000206288}, 0xc000244280)
+	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
+net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc000206288?}, 0x8fb7961600000003?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00024c1c0}, 0xc000244280)
+	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
+net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00024c1c0?}, 0x446920?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Wrapper.func4({0xa96b70, 0xc00024c1c0}, 0xc000244280)
+	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
+net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00024c1c0?}, 0xc00023eb70?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.serverHandler.ServeHTTP({0xc0002205d0?}, {0xa96b70?, 0xc00024c1c0?}, 0x6?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
+net/http.(*conn).serve(0xc00028a510, {0xa97328, 0xc00014aa50})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
+created by net/http.(*Server).Serve in goroutine 38
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
+2024/12/08 14:05:52 http: panic serving 127.0.0.1:48492: runtime error: invalid memory address or nil pointer dereference
+goroutine 43 [running]:
+net/http.(*conn).serve.func1()
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
+panic({0x954920?, 0xd829f0?})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
+me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
+	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
+me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc0002208d0, {0xc00027d000?, 0xc000206360?, 0xc000220930?})
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
+bufio.(*Writer).Flush(0xc00021a440)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
+github.com/a-h/templ/runtime.(*Buffer).Flush(0xc000206360)
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
+github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc000206360})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
+me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
+	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
+me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc00021e3c0?}, {0x7fdfb1435998?, 0xc0002208d0?}})
+	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
+me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc00021e3c0?}, {0x7fdfb1435998?, 0xc0002208d0?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
+github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc00021e3c0?}, {0x7fdfb1435998?, 0xc0002208d0?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
+me-fit/handler.(*Render).Render(0xa97360?, 0xc000183598?, {0xa969f0, 0xc0002208d0}, {0xa93760?, 0xc0002183e0?})
+	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
+me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc0002443c0, {0xa969f0, 0xc0002208d0}, {0xa93760, 0xc0002183c0}, 0x7fdfb1489958?)
+	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
+me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc0002208d0}, 0xc0002443c0)
+	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
+net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc0002208d0?}, 0xc00023e688?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc0002208d0}, 0xc0002443c0)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
+me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc0002208d0}, 0xc0002443c0)
+	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc0002208d0?}, 0x1c?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc0002208d0}, 0xc0002443c0)
+	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc0002208d0?}, 0xc0001600a0?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc000206330}, 0xc0002443c0)
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
+net/http.HandlerFunc.ServeHTTP(0xc000220840?, {0xa96a20?, 0xc000206330?}, 0x9ddfd8?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Cors.func2.1({0xa96a20, 0xc000206330}, 0xc0002443c0)
+	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc000206330?}, 0x17?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc000206330}, 0xc0002443c0)
+	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
+net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc000206330?}, 0x6aed2b3b00000003?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00024c2a0}, 0xc0002443c0)
+	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
+net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00024c2a0?}, 0x446920?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Wrapper.func4({0xa96b70, 0xc00024c2a0}, 0xc0002443c0)
+	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
+net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00024c2a0?}, 0xc00023eb70?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.serverHandler.ServeHTTP({0xc0002207b0?}, {0xa96b70?, 0xc00024c2a0?}, 0x6?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
+net/http.(*conn).serve(0xc00015e360, {0xa97328, 0xc00014aa50})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
+created by net/http.(*Server).Serve in goroutine 38
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
+2024/12/08 14:05:52 http: panic serving 127.0.0.1:48498: runtime error: invalid memory address or nil pointer dereference
+goroutine 57 [running]:
+net/http.(*conn).serve.func1()
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
+panic({0x954920?, 0xd829f0?})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
+me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
+	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
+me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc000220ab0, {0xc0003c0000?, 0xc000206408?, 0xc000220b10?})
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
+bufio.(*Writer).Flush(0xc00021a540)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
+github.com/a-h/templ/runtime.(*Buffer).Flush(0xc000206408)
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
+github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc000206408})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
+me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
+	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
+me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc00021e4b0?}, {0x7fdfb1435998?, 0xc000220ab0?}})
+	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
+me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc00021e4b0?}, {0x7fdfb1435998?, 0xc000220ab0?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
+github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc00021e4b0?}, {0x7fdfb1435998?, 0xc000220ab0?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
+me-fit/handler.(*Render).Render(0xa97360?, 0xc000183598?, {0xa969f0, 0xc000220ab0}, {0xa93760?, 0xc0002184d0?})
+	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
+me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000244500, {0xa969f0, 0xc000220ab0}, {0xa93760, 0xc0002184b0}, 0x7fdfb1489958?)
+	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
+me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc000220ab0}, 0xc000244500)
+	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
+net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc000220ab0?}, 0xc00023e688?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc000220ab0}, 0xc000244500)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
+me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc000220ab0}, 0xc000244500)
+	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc000220ab0?}, 0x1c?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc000220ab0}, 0xc000244500)
+	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc000220ab0?}, 0xc0001600a0?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc0002063d8}, 0xc000244500)
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
+net/http.HandlerFunc.ServeHTTP(0xc000220a20?, {0xa96a20?, 0xc0002063d8?}, 0x9ddfd8?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Cors.func2.1({0xa96a20, 0xc0002063d8}, 0xc000244500)
+	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc0002063d8?}, 0x17?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc0002063d8}, 0xc000244500)
+	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
+net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc0002063d8?}, 0x9ac7dd5900000003?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00024c380}, 0xc000244500)
+	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
+net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00024c380?}, 0x446920?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Wrapper.func4({0xa96b70, 0xc00024c380}, 0xc000244500)
+	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
+net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00024c380?}, 0xc00023eb70?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.serverHandler.ServeHTTP({0xc000220990?}, {0xa96b70?, 0xc00024c380?}, 0x6?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
+net/http.(*conn).serve(0xc00028a5a0, {0xa97328, 0xc00014aa50})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
+created by net/http.(*Server).Serve in goroutine 38
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
+2024/12/08 14:05:52 http: panic serving 127.0.0.1:48510: runtime error: invalid memory address or nil pointer dereference
+goroutine 44 [running]:
+net/http.(*conn).serve.func1()
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
+panic({0x954920?, 0xd829f0?})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
+me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
+	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
+me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc000220c90, {0xc0003c1000?, 0xc0002064b0?, 0xc000220cf0?})
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
+bufio.(*Writer).Flush(0xc00021a640)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
+github.com/a-h/templ/runtime.(*Buffer).Flush(0xc0002064b0)
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
+github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc0002064b0})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
+me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
+	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
+me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc00021e5a0?}, {0x7fdfb1435998?, 0xc000220c90?}})
+	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
+me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc00021e5a0?}, {0x7fdfb1435998?, 0xc000220c90?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
+github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc00021e5a0?}, {0x7fdfb1435998?, 0xc000220c90?})
+	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
+me-fit/handler.(*Render).Render(0xa97360?, 0xc000183598?, {0xa969f0, 0xc000220c90}, {0xa93760?, 0xc0002185c0?})
+	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
+me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000244640, {0xa969f0, 0xc000220c90}, {0xa93760, 0xc0002185a0}, 0x7fdfb1489958?)
+	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
+me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc000220c90}, 0xc000244640)
+	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
+net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc000220c90?}, 0xc00023e688?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc000220c90}, 0xc000244640)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
+me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc000220c90}, 0xc000244640)
+	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc000220c90?}, 0x1c?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc000220c90}, 0xc000244640)
+	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
+net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc000220c90?}, 0xc0001600a0?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc000206480}, 0xc000244640)
+	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
+net/http.HandlerFunc.ServeHTTP(0xc000220c00?, {0xa96a20?, 0xc000206480?}, 0x9ddfd8?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Cors.func2.1({0xa96a20, 0xc000206480}, 0xc000244640)
+	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
+net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc000206480?}, 0x17?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc000206480}, 0xc000244640)
+	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
+net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc000206480?}, 0xec4f5f5200000003?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00024c460}, 0xc000244640)
+	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
+net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00024c460?}, 0x446920?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+main.createHandler.Wrapper.func4({0xa96b70, 0xc00024c460}, 0xc000244640)
+	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
+net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00024c460?}, 0xc00023eb70?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
+net/http.serverHandler.ServeHTTP({0xc000220b70?}, {0xa96b70?, 0xc00024c460?}, 0x6?)
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
+net/http.(*conn).serve(0xc00015e3f0, {0xa97328, 0xc00014aa50})
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
+created by net/http.(*Server).Serve in goroutine 38
+	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
+2024/12/08 14:05:57 INFO Gracefully stopped http server on :8080
diff --git a/service/auth.go b/service/auth.go
index 8c18a08..9b1128d 100644
--- a/service/auth.go
+++ b/service/auth.go
@@ -62,6 +62,7 @@ type Auth interface {
 
 	SignIn(email string, password string) (*Session, error)
 	SignInSession(sessionId string) (*Session, error)
+	SignInAnonymous() (*Session, error)
 	SignOut(sessionId string) error
 
 	DeleteAccount(user *User) error
@@ -142,6 +143,15 @@ func (service AuthImpl) SignInSession(sessionId string) (*Session, error) {
 	return session, nil
 }
 
+func (service AuthImpl) SignInAnonymous() (*Session, error) {
+	sessionDb, err := service.createSession(uuid.Nil)
+	if err != nil {
+		return nil, types.ErrInternal
+	}
+
+	return NewSession(sessionDb, nil), nil
+}
+
 func (service AuthImpl) createSession(userId uuid.UUID) (*db.Session, error) {
 	sessionId, err := service.random.String(32)
 	if err != nil {
@@ -411,6 +421,10 @@ func (service AuthImpl) IsCsrfTokenValid(tokenStr string, sessionId string) bool
 }
 
 func (service AuthImpl) GetCsrfToken(session *Session) (string, error) {
+	if session == nil {
+		return "", types.ErrInternal
+	}
+
 	tokens, _ := service.db.GetTokensBySessionIdAndType(session.Id, db.TokenTypeCsrf)
 
 	if len(tokens) > 0 {