controllers/postController.go

@@ -3,6 +3,7 @@ package controllers
 import (
 	"GoWeb/app"
 	"GoWeb/models"
+	"GoWeb/security"
 	"log"
 	"net/http"
 	"time"
@@ -14,6 +15,13 @@ type PostController struct {
 }
 
 func (postController *PostController) Login(w http.ResponseWriter, r *http.Request) {
+	// Validate csrf token
+	_, err := security.VerifyCsrfToken(r)
+	if err != nil {
+		log.Println("Error verifying csrf token")
+		return
+	}
+
 	username := r.FormValue("username")
 	password := r.FormValue("password")
 	remember := r.FormValue("remember") == "on"
@@ -23,7 +31,7 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
 		http.Redirect(w, r, "/login", http.StatusFound)
 	}
 
-	_, err := models.AuthenticateUser(postController.App, w, username, password, remember)
+	_, err = models.AuthenticateUser(postController.App, w, username, password, remember)
 	if err != nil {
 		log.Println("Error authenticating user")
 		log.Println(err)
@@ -35,6 +43,13 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
 }
 
 func (postController *PostController) Register(w http.ResponseWriter, r *http.Request) {
+	// Validate csrf token
+	_, err := security.VerifyCsrfToken(r)
+	if err != nil {
+		log.Println("Error verifying csrf token")
+		return
+	}
+
 	username := r.FormValue("username")
 	password := r.FormValue("password")
 	createdAt := time.Now()
@@ -45,7 +60,7 @@ func (postController *PostController) Register(w http.ResponseWriter, r *http.Re
 		http.Redirect(w, r, "/register", http.StatusFound)
 	}
 
-	_, err := models.CreateUser(postController.App, username, password, createdAt, updatedAt)
+	_, err = models.CreateUser(postController.App, username, password, createdAt, updatedAt)
 	if err != nil {
 		log.Println("Error creating user")
 		log.Println(err)

middleware/csrf.go

@@ -1,22 +0,0 @@
-package middleware
-
-import (
-	"GoWeb/security"
-	"log"
-	"net/http"
-)
-
-// CsrfMiddleware validates the CSRF token and returns the handler function if it succeded
-func CsrfMiddleware(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
-	return func(w http.ResponseWriter, r *http.Request) {
-		// Verify csrf token
-		_, err := security.VerifyCsrfToken(r)
-		if err != nil {
-			log.Println("Error verifying csrf token")
-			http.Error(w, "Forbidden", http.StatusForbidden)
-			return
-		}
-
-		f(w, r)
-	}
-}

middleware/wrapper.go

@@ -1,14 +0,0 @@
-package middleware
-
-import "net/http"
-
-// ProcessMiddleware is a wrapper function for the http.HandleFunc function
-// that takes the function you want to execute (f) and the middleware you want
-// to execute (m) this should be used when processing multiple groups of middleware at a time
-func ProcessMiddleware(f func(w http.ResponseWriter, r *http.Request), m []func()) func(w http.ResponseWriter, r *http.Request) {
-	for _, middleware := range m {
-		middleware()
-	}
-
-	return f
-}

routes/postRoutes.go

@@ -3,7 +3,6 @@ package routes
 import (
 	"GoWeb/app"
 	"GoWeb/controllers"
-	"GoWeb/middleware"
 	"net/http"
 )
 
@@ -15,6 +14,6 @@ func PostRoutes(app *app.App) {
 	}
 
 	// User authentication
-	http.HandleFunc("/register-handle", middleware.CsrfMiddleware(postController.Register))
+	http.HandleFunc("/register-handle", postController.Register)
-	http.HandleFunc("/login-handle", middleware.CsrfMiddleware(postController.Login))
+	http.HandleFunc("/login-handle", postController.Login)
 }