rnsrk/wisski-cloud-distillery
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor CSRF protection

Browse source
This commit is contained in:
Tom Wiesing 2023-01-05 14:07:36 +01:00
parent 59b565ae19
commit eb17dbe33f
No known key found for this signature in database
8 changed files with 20 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

13
internal/dis/component/auth/auth.go
View file

@ -7,7 +7,6 @@ import (
"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
"github.com/FAU-CDI/wisski-distillery/internal/dis/component/sql"
"github.com/FAU-CDI/wisski-distillery/pkg/lazy"
"github.com/gorilla/csrf"
"github.com/gorilla/sessions"
"github.com/julienschmidt/httprouter"
)
@ -41,15 +40,3 @@ func (auth *Auth) HandleRoute(ctx context.Context, route string) (http.Handler,
return router, nil
}
func (auth *Auth) CSRF() func(http.Handler) http.Handler {
// setup the csrf handler (if needed)
// TOOD: This should move to the server handler
return auth.csrf.Get(func() func(http.Handler) http.Handler {
var opts []csrf.Option
if !auth.Config.HTTPSEnabled() {
opts = append(opts, csrf.Secure(false))
}
return csrf.Protect(auth.Config.CSRFSecret(), opts...)
})
}