Initial middleware implementation for CSRF and update comment

2023-07-21 11:59:01 -05:00 · 2023-07-21 11:59:01 -05:00 · 05397c2b61
commit 05397c2b61
parent 3d80b95f55
2 changed files with 24 additions and 1 deletions
--- a/middleware/csrf.go
+++ b/middleware/csrf.go
@ -0,0 +1,22 @@
+package middleware
+
+import (
+	"GoWeb/security"
+	"log"
+	"net/http"
+)
+
+// CsrfMiddleware validates the CSRF token and returns the handler function if it succeded
+func CsrfMiddleware(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		// Verify csrf token
+		_, err := security.VerifyCsrfToken(r)
+		if err != nil {
+			log.Println("Error verifying csrf token")
+			http.Error(w, "Forbidden", http.StatusForbidden)
+			return
+		}
+
+		f(w, r)
+	}
+}
--- a/middleware/wrapper.go
+++ b/middleware/wrapper.go
@ -3,7 +3,8 @@ package middleware
 import "net/http"

 // ProcessMiddleware is a wrapper function for the http.HandleFunc function
-// that takes the function you want to execute (f) and the middleware you want to execute (m)
+// that takes the function you want to execute (f) and the middleware you want
+// to execute (m) this should be used when processing multiple groups of middleware at a time
 func ProcessMiddleware(f func(w http.ResponseWriter, r *http.Request), m []func()) func(w http.ResponseWriter, r *http.Request) {
 	for _, middleware := range m {
 		middleware()