package middleware
import (
"GoWeb/security"
"log/slog"
"net/http"
)
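// Csrf wraps f in a handler that verifies the request's CSRF token first.
// f is invoked only when security.VerifyCsrfToken returns a nil error; on any
// error the request is answered with 403 Forbidden and f is never called.
//
// NOTE(review): verification runs for every request routed through this
// wrapper, whatever its HTTP method. Whether safe methods (GET, HEAD) are
// exempted depends on security.VerifyCsrfToken, which is not visible here.
func Csrf(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
	return func(w http.ResponseWriter, r *http.Request) {
		// The first return value of VerifyCsrfToken is not needed here; only
		// the error decides whether the request proceeds.
		if _, err := security.VerifyCsrfToken(r); err != nil {
			// Log the failure with its cause and the request it belongs to, so
			// repeated rejections can be correlated and alerted on. Warn
			// rather than Info: a rejected state-changing request is worth
			// surfacing.
			// NOTE(review): assumes the error text does not embed the token
			// value itself; confirm against security.VerifyCsrfToken.
			// r.RemoteAddr is the direct peer, which is the proxy address when
			// the service runs behind one.
			slog.Warn("error verifying csrf token",
				"err", err,
				"method", r.Method,
				"path", r.URL.Path,
				"remote_addr", r.RemoteAddr,
			)
			// Keep the response body generic; the reason for the rejection
			// stays in the server log only.
			http.Error(w, "Forbidden", http.StatusForbidden)
			return
		}

		f(w, r)
	}
}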