From eed10ce514f28e4acf772f76c92ca05eebec105f Mon Sep 17 00:00:00 2001
From: Brian Picciano
Date: Thu, 5 May 2022 21:20:22 -0600
Subject: Fix various problems with the srv build
---
srv/api/csrf.go | 58 ---------------------------------------------------------
1 file changed, 58 deletions(-)
delete mode 100644 srv/api/csrf.go
(limited to 'srv/api/csrf.go')
diff --git a/srv/api/csrf.go b/srv/api/csrf.go
deleted file mode 100644
index 13b6ec6..0000000
--- a/srv/api/csrf.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package api
-
-import (
- "errors"
- "net/http"
-
- "github.com/mediocregopher/blog.mediocregopher.com/srv/api/apiutils"
-)
-
-const (
- csrfTokenCookieName = "csrf_token"
- csrfTokenHeaderName = "X-CSRF-Token"
-)
-
-func setCSRFMiddleware(h http.Handler) http.Handler {
- return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
-
- csrfTok, err := apiutils.GetCookie(r, csrfTokenCookieName, "")
-
- if err != nil {
- apiutils.InternalServerError(rw, r, err)
- return
-
- } else if csrfTok == "" {
- http.SetCookie(rw, &http.Cookie{
- Name: csrfTokenCookieName,
- Value: apiutils.RandStr(32),
- Secure: true,
- })
- }
-
- h.ServeHTTP(rw, r)
- })
-}
-
-func checkCSRFMiddleware(h http.Handler) http.Handler {
- return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
-
- csrfTok, err := apiutils.GetCookie(r, csrfTokenCookieName, "")
-
- if err != nil {
- apiutils.InternalServerError(rw, r, err)
- return
- }
-
- givenCSRFTok := r.Header.Get(csrfTokenHeaderName)
- if givenCSRFTok == "" {
- givenCSRFTok = r.FormValue("csrfToken")
- }
-
- if csrfTok == "" || givenCSRFTok != csrfTok {
- apiutils.BadRequest(rw, r, errors.New("invalid CSRF token"))
- return
- }
-
- h.ServeHTTP(rw, r)
- })
-}
--
cgit v1.2.3