authorBrian Picciano <mediocregopher@gmail.com>2021-08-30 20:08:51 -0600
committerBrian Picciano <mediocregopher@gmail.com>2021-08-30 20:44:45 -0600
commit9343d2ea697f13e52e9199fce62a959f1954f580 (patch)
treee1e36e330a3c9891bfd8a625229a9b417ad89afa /srv/api/csrf.go
parent3e9a17abb9a9d63af3c260fba9dc404dd9c59ade (diff)
add chat handlers and only allow POST methods
Diffstat (limited to 'srv/api/csrf.go')
-rw-r--r--srv/api/csrf.go14
1 files changed, 8 insertions, 6 deletions
diff --git a/srv/api/csrf.go b/srv/api/csrf.go
index d705adb..0802d8a 100644
--- a/srv/api/csrf.go
+++ b/srv/api/csrf.go
@@ -3,6 +3,8 @@ package api
import (
"errors"
"net/http"
+
+ "github.com/mediocregopher/blog.mediocregopher.com/srv/api/apiutils"
)
const (
@@ -13,16 +15,16 @@ const (
func setCSRFMiddleware(h http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
- csrfTok, err := getCookie(r, csrfTokenCookieName, "")
+ csrfTok, err := apiutils.GetCookie(r, csrfTokenCookieName, "")
if err != nil {
- internalServerError(rw, r, err)
+ apiutils.InternalServerError(rw, r, err)
return
} else if csrfTok == "" {
http.SetCookie(rw, &http.Cookie{
Name: csrfTokenCookieName,
- Value: randStr(32),
+ Value: apiutils.RandStr(32),
Secure: true,
})
}
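Review bot: The cookie literal in setCSRFMiddleware sets only Name, Value and Secure, so the token cookie is scoped to the browser's default path for whichever request first triggered it and carries no SameSite attribute. Adding `Path: "/",` and `SameSite: http.SameSiteLaxMode,` next to `Secure: true,` would make the scope predictable and add a second layer against cross-site requests. HttpOnly is presumably left off on purpose, because the client has to read the cookie to echo it in the header; a one-line comment saying so would stop someone from "fixing" it later. The token now comes from `apiutils.RandStr(32)`, whose body is not part of this diff, so it is worth confirming that it reads from crypto/rand and noting that in its doc comment. The rest of the handler body lies outside the hunk.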
@@ -34,14 +36,14 @@ func setCSRFMiddleware(h http.Handler) http.Handler {
func checkCSRFMiddleware(h http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
- csrfTok, err := getCookie(r, csrfTokenCookieName, "")
+ csrfTok, err := apiutils.GetCookie(r, csrfTokenCookieName, "")
if err != nil {
- internalServerError(rw, r, err)
+ apiutils.InternalServerError(rw, r, err)
return
} else if csrfTok == "" || r.Header.Get(csrfTokenHeaderName) != csrfTok {
- badRequest(rw, r, errors.New("invalid CSRF token"))
+ apiutils.BadRequest(rw, r, errors.New("invalid CSRF token"))
return
}
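Review bot: The test `r.Header.Get(csrfTokenHeaderName) != csrfTok` in checkCSRFMiddleware compares two values that both arrive in the same request, so it only proves the sender could read or set the cookie. That assumption fails if anything else can write a cookie for this site, such as a sibling subdomain. The value of csrfTokenCookieName is not visible here; if it does not already use the `__Host-` prefix, that prefix (together with `Path: "/"` on the setter) or an HMAC of the token under a server-held secret would close that gap. For the comparison itself, `subtle.ConstantTimeCompare([]byte(r.Header.Get(csrfTokenHeaderName)), []byte(csrfTok)) != 1` is cheap hardening and needs only a crypto/subtle import. A doc comment on the function stating the double-submit assumption would help; the handler body continues past the end of the hunk.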