Compare commits
1 Commits
3c1b346c95
...
12d7c13b02
| Author | SHA1 | Date | |
|---|---|---|---|
| 12d7c13b02 |
@@ -86,16 +86,7 @@ func (handler AuthImpl) handleSignIn() http.HandlerFunc {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
cookie := http.Cookie{
|
||||
Name: "id",
|
||||
Value: session.Id,
|
||||
MaxAge: 60 * 60 * 8, // 8 hours
|
||||
Secure: true,
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Path: "/",
|
||||
}
|
||||
|
||||
cookie := middleware.CreateSessionCookie(session.Id)
|
||||
http.SetCookie(w, &cookie)
|
||||
|
||||
return session.User, nil
|
||||
|
||||
@@ -30,6 +30,7 @@ func (rr *csrfResponseWriter) Write(data []byte) (int, error) {
|
||||
if err == nil {
|
||||
csrfField := fmt.Sprintf(`<input type="hidden" name="csrf-token" value="%s">`, csrfToken)
|
||||
dataStr = strings.ReplaceAll(dataStr, "</form>", csrfField+"</form>")
|
||||
dataStr = strings.ReplaceAll(dataStr, "CSRF_TOKEN", csrfToken)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -52,30 +53,21 @@ func CrossSiteRequestForgery(auth service.Auth) func(http.Handler) http.Handler
|
||||
r.Method == http.MethodPatch {
|
||||
|
||||
csrfToken := r.FormValue("csrf-token")
|
||||
if csrfToken == "" {
|
||||
csrfToken = r.Header.Get("csrf-token")
|
||||
}
|
||||
if csrfToken == "" || !auth.IsCsrfTokenValid(csrfToken, session.Id) {
|
||||
http.Error(w, "", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if session == nil {
|
||||
var err error
|
||||
session, err = auth.SignInAnonymous()
|
||||
if err != nil {
|
||||
http.Error(w, "", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
}
|
||||
cookie := http.Cookie{
|
||||
Name: "id",
|
||||
Value: session.Id,
|
||||
MaxAge: 60 * 60 * 8, // 8 hours
|
||||
Secure: true,
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Path: "/",
|
||||
}
|
||||
if session == nil && (strings.Contains(r.RequestURI, "/auth/signup") || strings.Contains(r.RequestURI, "/auth/signin")) {
|
||||
session, _ = auth.SignInAnonymous()
|
||||
|
||||
cookie := CreateSessionCookie(session.Id)
|
||||
http.SetCookie(w, &cookie)
|
||||
}
|
||||
|
||||
responseWriter := newCsrfResponseWriter(w, auth, session)
|
||||
next.ServeHTTP(responseWriter, r)
|
||||
|
||||
15
handler/middleware/default.go
Normal file
15
handler/middleware/default.go
Normal file
@@ -0,0 +1,15 @@
|
||||
package middleware
|
||||
|
||||
import "net/http"
|
||||
|
||||
func CreateSessionCookie(sessionId string) http.Cookie {
|
||||
return http.Cookie{
|
||||
Name: "id",
|
||||
Value: sessionId,
|
||||
MaxAge: 60 * 60 * 8, // 8 hours
|
||||
Secure: true,
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Path: "/",
|
||||
}
|
||||
}
|
||||
@@ -2,12 +2,8 @@ package workout
|
||||
|
||||
templ WorkoutComp(currentDate string) {
|
||||
<main class="mx-2">
|
||||
<form
|
||||
class="max-w-xl mx-auto flex flex-col gap-4 justify-center mt-10"
|
||||
hx-post="/api/workout"
|
||||
hx-target="#workout-placeholder"
|
||||
hx-swap="outerHTML"
|
||||
>
|
||||
<form class="max-w-xl mx-auto flex flex-col gap-4 justify-center mt-10" hx-post="/api/workout"
|
||||
hx-target="#workout-placeholder" hx-swap="outerHTML">
|
||||
<h2 class="text-4xl mb-8">Track your workout</h2>
|
||||
<input id="date" type="date" class="input input-bordered" value={ currentDate } name="date" />
|
||||
<select class="select select-bordered w-full" name="type">
|
||||
@@ -64,7 +60,8 @@ templ WorkoutItemComp(w Workout, includePlaceholder bool) {
|
||||
<th>{ w.Reps }</th>
|
||||
<th>
|
||||
<div class="tooltip" data-tip="Delete Entry">
|
||||
<button hx-delete={ "api/workout/" + w.Id } hx-target="closest tr">
|
||||
<button hx-headers='{"csrf-token": "CSRF_TOKEN"}' hx-delete={ "api/workout/" + w.Id } hx-target="closest tr"
|
||||
type="submit">
|
||||
Delete
|
||||
</button>
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user