29 lines
729 B
Go
29 lines
729 B
Go
package csrf
|
|
|
|
import "net/http"
|
|
|
|
type CtxKey string
|
|
|
|
const ContextUserId CtxKey = "userid"
|
|
|
|
func (c CSRF) MiddleAuth(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// requires WhoIsThis middleware to set this context key beforehand...
|
|
userID := r.Context().Value(ContextUserId).(string)
|
|
if c.AuthCheck(userID, r.RequestURI, r.FormValue("csrf")) {
|
|
c.DeniedFn(w, r)
|
|
return
|
|
}
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
func (c CSRF) MiddleUnauth(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if !c.UnauthCheck(r.RequestURI, r.FormValue("csrf")) {
|
|
c.DeniedFn(w, r)
|
|
return
|
|
}
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|