csrf/middleware.go

package csrf

import "net/http"

type CtxKey string

const ContextUserId CtxKey = "userid"

func (c CSRF) MiddleAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// requires WhoIsThis middleware to set this context key beforehand...
		userID := r.Context().Value(ContextUserId).(string)
		if c.AuthCheck(userID, r.RequestURI, r.FormValue("csrf")) {
			c.DeniedFn(w, r)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func (c CSRF) MiddleUnauth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !c.UnauthCheck(r.RequestURI, r.FormValue("csrf")) {
			c.DeniedFn(w, r)
			return
		}
		next.ServeHTTP(w, r)
	})
}
init module 2024-12-29 10:40:25 +00:00			`package csrf`
pull out of older repos 2025-01-12 11:40:15 +00:00
			`import "net/http"`

			`type CtxKey string`

			`const ContextUserId CtxKey = "userid"`

			`func (c CSRF) MiddleAuth(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`// requires WhoIsThis middleware to set this context key beforehand...`
			`userID := r.Context().Value(ContextUserId).(string)`
			`if c.AuthCheck(userID, r.RequestURI, r.FormValue("csrf")) {`
			`c.DeniedFn(w, r)`
			`return`
			`}`
			`next.ServeHTTP(w, r)`
			`})`
			`}`

			`func (c CSRF) MiddleUnauth(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`if !c.UnauthCheck(r.RequestURI, r.FormValue("csrf")) {`
			`c.DeniedFn(w, r)`
			`return`
			`}`
			`next.ServeHTTP(w, r)`
			`})`
			`}`