Compare commits

...

3 Commits

Author SHA1 Message Date
Maximilian
bada24884a Use ungrouped CSRF middleware on register and login POST routes 2023-07-21 11:59:55 -05:00
Maximilian
05397c2b61 Initial middleware implementation for CSRF and update comment 2023-07-21 11:59:01 -05:00
Maximilian
3d80b95f55 Initial wrapper implementation 2023-07-07 18:05:17 -05:00
4 changed files with 41 additions and 19 deletions

View File

@ -3,7 +3,6 @@ package controllers
import (
"GoWeb/app"
"GoWeb/models"
"GoWeb/security"
"log"
"net/http"
"time"
@ -15,13 +14,6 @@ type PostController struct {
}
func (postController *PostController) Login(w http.ResponseWriter, r *http.Request) {
// Validate csrf token
_, err := security.VerifyCsrfToken(r)
if err != nil {
log.Println("Error verifying csrf token")
return
}
username := r.FormValue("username")
password := r.FormValue("password")
remember := r.FormValue("remember") == "on"
@ -31,7 +23,7 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
http.Redirect(w, r, "/login", http.StatusFound)
}
_, err = models.AuthenticateUser(postController.App, w, username, password, remember)
_, err := models.AuthenticateUser(postController.App, w, username, password, remember)
if err != nil {
log.Println("Error authenticating user")
log.Println(err)
@ -43,13 +35,6 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
}
func (postController *PostController) Register(w http.ResponseWriter, r *http.Request) {
// Validate csrf token
_, err := security.VerifyCsrfToken(r)
if err != nil {
log.Println("Error verifying csrf token")
return
}
username := r.FormValue("username")
password := r.FormValue("password")
createdAt := time.Now()
@ -60,7 +45,7 @@ func (postController *PostController) Register(w http.ResponseWriter, r *http.Re
http.Redirect(w, r, "/register", http.StatusFound)
}
_, err = models.CreateUser(postController.App, username, password, createdAt, updatedAt)
_, err := models.CreateUser(postController.App, username, password, createdAt, updatedAt)
if err != nil {
log.Println("Error creating user")
log.Println(err)

22
middleware/csrf.go Normal file
View File

@ -0,0 +1,22 @@
package middleware
import (
"GoWeb/security"
"log"
"net/http"
)
// CsrfMiddleware validates the CSRF token and returns the handler function if it succeded
func CsrfMiddleware(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
// Verify csrf token
_, err := security.VerifyCsrfToken(r)
if err != nil {
log.Println("Error verifying csrf token")
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
f(w, r)
}
}

14
middleware/wrapper.go Normal file
View File

@ -0,0 +1,14 @@
package middleware
import "net/http"
// ProcessMiddleware is a wrapper function for the http.HandleFunc function
// that takes the function you want to execute (f) and the middleware you want
// to execute (m) this should be used when processing multiple groups of middleware at a time
func ProcessMiddleware(f func(w http.ResponseWriter, r *http.Request), m []func()) func(w http.ResponseWriter, r *http.Request) {
for _, middleware := range m {
middleware()
}
return f
}

View File

@ -3,6 +3,7 @@ package routes
import (
"GoWeb/app"
"GoWeb/controllers"
"GoWeb/middleware"
"net/http"
)
@ -14,6 +15,6 @@ func PostRoutes(app *app.App) {
}
// User authentication
http.HandleFunc("/register-handle", postController.Register)
http.HandleFunc("/login-handle", postController.Login)
http.HandleFunc("/register-handle", middleware.CsrfMiddleware(postController.Register))
http.HandleFunc("/login-handle", middleware.CsrfMiddleware(postController.Login))
}