GoWeb/internal/middleware/csrf.go

package middleware

import (
	"GoWeb/security"
	"log/slog"
	"net/http"
)

// Csrf validates the CSRF token and returns the handler function if it succeeded
func Csrf(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
	return func(w http.ResponseWriter, r *http.Request) {
		_, err := security.VerifyCsrfToken(r)
		if err != nil {
			slog.Info("error verifying csrf token")
			http.Error(w, "Forbidden", http.StatusForbidden)
			return
		}

		f(w, r)
	}
}
Initial middleware implementation for CSRF and update comment 2023-07-21 16:59:01 +00:00			`package middleware`

			`import (`
			`"GoWeb/security"`
Clean up error handling, migrate to log/slog, add todo for flash message system in post controller 2023-09-03 20:45:12 +00:00			`"log/slog"`
Initial middleware implementation for CSRF and update comment 2023-07-21 16:59:01 +00:00			`"net/http"`
			`)`

Fix spelling 2023-08-03 17:11:01 +00:00			`// Csrf validates the CSRF token and returns the handler function if it succeeded`
Refactor name 2023-07-23 04:37:38 +00:00			`func Csrf(f func(w http.ResponseWriter, r http.Request)) func(w http.ResponseWriter, r http.Request) {`
Initial middleware implementation for CSRF and update comment 2023-07-21 16:59:01 +00:00			`return func(w http.ResponseWriter, r *http.Request) {`
			`_, err := security.VerifyCsrfToken(r)`
			`if err != nil {`
Clean up error handling, migrate to log/slog, add todo for flash message system in post controller 2023-09-03 20:45:12 +00:00			`slog.Info("error verifying csrf token")`
Initial middleware implementation for CSRF and update comment 2023-07-21 16:59:01 +00:00			`http.Error(w, "Forbidden", http.StatusForbidden)`
			`return`
			`}`

			`f(w, r)`
			`}`
			`}`