26 lines
512 B
Go
26 lines
512 B
Go
package middleware
|
|
|
|
import (
|
|
"me-fit/service"
|
|
"net/http"
|
|
)
|
|
|
|
func CrossSiteRequestForgery(auth *service.Auth) func(http.Handler) http.Handler {
|
|
return func(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// session := r.Context().Value(SessionKey)
|
|
|
|
if r.Method == "POST" {
|
|
csrfToken := r.FormValue("csrf-token")
|
|
if csrfToken == "" {
|
|
http.Error(w, "", http.StatusForbidden)
|
|
return
|
|
}
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
}
|