feat(security): #328 delete old sessions for change and forgot password

This commit was merged in pull request #335.
2024-12-17 22:21:46 +01:00
parent 43d0a3d022
commit dcc5207272
13 changed files with 292 additions and 120 deletions


@@ -61,7 +61,9 @@ func CrossSiteRequestForgery(auth service.Auth) func(http.Handler) http.Handler
}
}
if session == nil && (strings.Contains(r.RequestURI, "/auth/signup") || strings.Contains(r.RequestURI, "/auth/signin")) {
// Always sign in anonymous
// This way, there is no way to forget creating a csrf token
if session == nil {
session, _ = auth.SignInAnonymous()
cookie := CreateSessionCookie(session.Id)