Initial middleware implementation for CSRF and update comment

This commit is contained in:
Maximilian 2023-07-21 11:59:01 -05:00
parent 3d80b95f55
commit 05397c2b61
2 changed files with 24 additions and 1 deletions

22
middleware/csrf.go Normal file
View File

@ -0,0 +1,22 @@
package middleware
import (
"GoWeb/security"
"log"
"net/http"
)
// CsrfMiddleware validates the CSRF token and returns the handler function if it succeded
func CsrfMiddleware(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
// Verify csrf token
_, err := security.VerifyCsrfToken(r)
if err != nil {
log.Println("Error verifying csrf token")
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
f(w, r)
}
}

View File

@ -3,7 +3,8 @@ package middleware
import "net/http" import "net/http"
// ProcessMiddleware is a wrapper function for the http.HandleFunc function // ProcessMiddleware is a wrapper function for the http.HandleFunc function
// that takes the function you want to execute (f) and the middleware you want to execute (m) // that takes the function you want to execute (f) and the middleware you want
// to execute (m) this should be used when processing multiple groups of middleware at a time
func ProcessMiddleware(f func(w http.ResponseWriter, r *http.Request), m []func()) func(w http.ResponseWriter, r *http.Request) { func ProcessMiddleware(f func(w http.ResponseWriter, r *http.Request), m []func()) func(w http.ResponseWriter, r *http.Request) {
for _, middleware := range m { for _, middleware := range m {
middleware() middleware()