From 05397c2b6127ab94e3283ba21c67922bd392ed13 Mon Sep 17 00:00:00 2001
From: Maximilian
Date: Fri, 21 Jul 2023 11:59:01 -0500
Subject: [PATCH] Initial middleware implementation for CSRF and update comment
---
 middleware/csrf.go | 22 ++++++++++++++++++++++
 middleware/wrapper.go | 3 ++-
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 middleware/csrf.go
diff --git a/middleware/csrf.go b/middleware/csrf.go
new file mode 100644
index 0000000..544c0c3
--- /dev/null
+++ b/middleware/csrf.go
@@ -0,0 +1,22 @@
+package middleware
+
+import (
+ "GoWeb/security"
+ "log"
+ "net/http"
+)
+
+// CsrfMiddleware validates the CSRF token and returns the handler function if it succeded
+func CsrfMiddleware(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
+ return func(w http.ResponseWriter, r *http.Request) {
+ // Verify csrf token
+ _, err := security.VerifyCsrfToken(r)
+ if err != nil {
+ log.Println("Error verifying csrf token")
+ http.Error(w, "Forbidden", http.StatusForbidden)
+ return
+ }
+
+ f(w, r)
+ }
+}
diff --git a/middleware/wrapper.go b/middleware/wrapper.go
index 05d67d9..e315c1c 100644
--- a/middleware/wrapper.go
+++ b/middleware/wrapper.go
@@ -3,7 +3,8 @@ package middleware
 import "net/http"
 
 // ProcessMiddleware is a wrapper function for the http.HandleFunc function
-// that takes the function you want to execute (f) and the middleware you want to execute (m)
+// that takes the function you want to execute (f) and the middleware you want
+// to execute (m) this should be used when processing multiple groups of middleware at a time
 func ProcessMiddleware(f func(w http.ResponseWriter, r *http.Request), m []func()) func(w http.ResponseWriter, r *http.Request) {
 for _, middleware := range m {
 middleware()
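Review bot: The rejection branch of CsrfMiddleware logs a fixed string and throws away `err`, so a 403 from this middleware cannot be tied to a route, a client or a cause when someone later triages a burst of CSRF failures. Log the request context with the error, e.g. `log.Printf("csrf: token rejected: method=%s path=%q remote=%s err=%v", r.Method, r.URL.Path, r.RemoteAddr, err)`; `%q` keeps a client-controlled path from breaking the log line, and this assumes the error text from security.VerifyCsrfToken does not echo the token itself. The wrapper also verifies every request regardless of method, so unless VerifyCsrfToken (not visible in this patch) exempts GET/HEAD, the doc comment should say it is meant for state-changing routes only. The same comment has a typo, "succeded" for "succeeded".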
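Review bot: The reworded ProcessMiddleware comment runs two sentences together and does not say what kind of middleware `m` accepts. Because `m` is `[]func()`, a request-aware wrapper such as CsrfMiddleware from this same commit cannot be passed through it, yet "multiple groups of middleware" could be read as including the CSRF check. I would word it as `// ProcessMiddleware wraps the handler f and calls each no-argument function in m.` followed by `// Request-aware middleware such as CsrfMiddleware must wrap f directly.` The visible loop sits directly in the function body, which suggests the functions in m run when the handler is built rather than on each request; the body continues outside the hunk, so confirm that before documenting it.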