diff options
author | Brian Picciano <mediocregopher@gmail.com> | 2022-09-13 12:56:08 +0200 |
---|---|---|
committer | Brian Picciano <mediocregopher@gmail.com> | 2022-09-13 12:56:08 +0200 |
commit | 4f01edb9230f58ff84b0dd892c931ec8ac9aad55 (patch) | |
tree | 9c1598a3f98203913ac2548883c02a81deb33dc7 /srv/src/http/csrf.go | |
parent | 5485984e05aebde22819adebfbd5ad51475a6c21 (diff) |
move src out of srv, clean up default.nix and Makefile
Diffstat (limited to 'srv/src/http/csrf.go')
-rw-r--r-- | srv/src/http/csrf.go | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/srv/src/http/csrf.go b/srv/src/http/csrf.go deleted file mode 100644 index a64e37e..0000000 --- a/srv/src/http/csrf.go +++ /dev/null @@ -1,43 +0,0 @@ -package http - -import ( - "errors" - "net" - "net/http" - "net/url" - - "github.com/mediocregopher/blog.mediocregopher.com/srv/http/apiutil" -) - -func checkCSRF(r *http.Request, publicURL *url.URL) error { - - if ipStr, _, err := net.SplitHostPort(r.Host); err == nil { - if ip := net.ParseIP(ipStr); ip != nil && ip.IsLoopback() { - return nil - } - } - - refererURL, err := url.Parse(r.Referer()) - if err != nil { - return errors.New("invalid Referer") - } - - if refererURL.Scheme != publicURL.Scheme || - refererURL.Host != publicURL.Host { - return errors.New("invalid Referer") - } - - return nil -} - -func (a *api) checkCSRFMiddleware(h http.Handler) http.Handler { - return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { - - if err := checkCSRF(r, a.params.PublicURL); err != nil { - apiutil.BadRequest(rw, r, errors.New("invalid Referer")) - return - } - - h.ServeHTTP(rw, r) - }) -} |