diff options
author | René 'Necoro' Neumann <necoro@necoro.eu> | 2024-10-17 00:27:08 +0200 |
---|---|---|
committer | René 'Necoro' Neumann <necoro@necoro.eu> | 2024-10-17 00:27:08 +0200 |
commit | 869fb9691f877116d5b15a92de006d0daf4d70e5 (patch) | |
tree | 2493c72172d5817ec9deec36229a84b687eb3190 /csrf/csrf.go | |
parent | 6fc180ba6d9bc5c32340466988d9e26f8d6e3c5c (diff) | |
download | gosten-869fb9691f877116d5b15a92de006d0daf4d70e5.tar.gz gosten-869fb9691f877116d5b15a92de006d0daf4d70e5.tar.bz2 gosten-869fb9691f877116d5b15a92de006d0daf4d70e5.zip |
Restructure and change to chi as muxing framework
Diffstat (limited to 'csrf/csrf.go')
-rw-r--r-- | csrf/csrf.go | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/csrf/csrf.go b/csrf/csrf.go new file mode 100644 index 0000000..18fdb81 --- /dev/null +++ b/csrf/csrf.go @@ -0,0 +1,31 @@ +package csrf + +import ( + "html/template" + "net/http" + + "github.com/gorilla/csrf" + "github.com/gorilla/securecookie" +) + +func Handler() func(http.Handler) http.Handler { + return csrf.Protect( + securecookie.GenerateRandomKey(32), + csrf.SameSite(csrf.SameSiteStrictMode), + csrf.FieldName("csrf.csrffield"), // should match the structure in `Csrf` + ) +} + +// Csrf handles the CSRF data for a form. +// Include it verbatim and then use `{{.CsrfField}}` in templates. +type Csrf struct { + CsrfField template.HTML `form:"-" schema:"-"` +} + +func (c *Csrf) SetCsrfField(r *http.Request) { + c.CsrfField = csrf.TemplateField(r) +} + +type Enabled interface { + SetCsrfField(r *http.Request) +} |