From 9343d2ea697f13e52e9199fce62a959f1954f580 Mon Sep 17 00:00:00 2001
From: Brian Picciano
Date: Mon, 30 Aug 2021 20:08:51 -0600
Subject: add chat handlers and only allow POST methods
---
 srv/api/csrf.go | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
(limited to 'srv/api/csrf.go')
diff --git a/srv/api/csrf.go b/srv/api/csrf.go
index d705adb..0802d8a 100644
--- a/srv/api/csrf.go
+++ b/srv/api/csrf.go
@@ -3,6 +3,8 @@ package api
 import (
 "errors"
 "net/http"
+
+ "github.com/mediocregopher/blog.mediocregopher.com/srv/api/apiutils"
 )
 const (
@@ -13,16 +15,16 @@ const (
 func setCSRFMiddleware(h http.Handler) http.Handler {
 return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
- csrfTok, err := getCookie(r, csrfTokenCookieName, "")
+ csrfTok, err := apiutils.GetCookie(r, csrfTokenCookieName, "")
 if err != nil {
- internalServerError(rw, r, err)
+ apiutils.InternalServerError(rw, r, err)
 return
 } else if csrfTok == "" {
 http.SetCookie(rw, &http.Cookie{
 Name: csrfTokenCookieName,
- Value: randStr(32),
+ Value: apiutils.RandStr(32),
 Secure: true,
 })
 }
@@ -34,14 +36,14 @@ func setCSRFMiddleware(h http.Handler) http.Handler {
 func checkCSRFMiddleware(h http.Handler) http.Handler {
 return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
- csrfTok, err := getCookie(r, csrfTokenCookieName, "")
+ csrfTok, err := apiutils.GetCookie(r, csrfTokenCookieName, "")
 if err != nil {
- internalServerError(rw, r, err)
+ apiutils.InternalServerError(rw, r, err)
 return
 } else if csrfTok == "" || r.Header.Get(csrfTokenHeaderName) != csrfTok {
- badRequest(rw, r, errors.New("invalid CSRF token"))
+ apiutils.BadRequest(rw, r, errors.New("invalid CSRF token"))
 return
 }
--
cgit v1.2.3
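Review bot: The CSRF cookie built in setCSRFMiddleware still carries only `Secure: true`; with no `Path` the browser scopes it to the directory of whichever URL first triggered it, and there is no `SameSite` attribute as defense in depth. Consider adding `Path: "/",` and `SameSite: http.SameSiteLaxMode,` to the `http.Cookie` literal. The token value now comes from the exported `apiutils.RandStr`, whose body is not part of this diff, so it is worth confirming that it draws from `crypto/rand` and stating that in its doc comment. The function body continues past the end of the hunk.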
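Review bot: In checkCSRFMiddleware the header value is compared to the cookie with `!=`, which is not a constant-time comparison; the usual form for token checks is `subtle.ConstantTimeCompare([]byte(r.Header.Get(csrfTokenHeaderName)), []byte(csrfTok)) != 1` from `crypto/subtle`. The check is also a plain double-submit comparison, so it accepts whatever cookie the browser presents; if sibling subdomains are able to set cookies for this domain, giving the cookie a `__Host-` prefixed name would close that off (the value of `csrfTokenCookieName` is not visible in this diff). The function continues outside the hunk.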