tbs

2024-12-05 23:24:39 +01:00
parent b9d50d986f
commit fe2d7c0fd4
16 changed files with 228 additions and 181 deletions
--- a/handler/middleware/cross_site_request_forgery.go
+++ b/handler/middleware/cross_site_request_forgery.go
@@ -1,16 +1,20 @@
 package middleware

-import "net/http"
+import (
+	"me-fit/service"
+	"net/http"
+)

-func CrossSiteRequestForgery() func(http.Handler) http.Handler {
+func CrossSiteRequestForgery(auth *service.Auth) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+			// session := r.Context().Value(SessionKey)
+
 			if r.Method == "POST" {
-				// Check the CSRF token
-				csrfToken := r.Header.Get("X-CSRF-Token")
-				sessionToken := r.Header.Get("X-Session-Token")
-				if csrfToken != sessionToken {
-					http.Error(w, "CSRF token mismatch", http.StatusForbidden)
+				csrfToken := r.FormValue("csrf-token")
+				if csrfToken == "" {
+					http.Error(w, "", http.StatusForbidden)
 					return
 				}
 			}