Make CSRF customizable
parent
ac5f74988f
commit
8dbdc9500f
1 changed files with 10 additions and 1 deletions
|
@ -8,9 +8,14 @@ import (
|
||||||
"github.com/gorilla/csrf"
|
"github.com/gorilla/csrf"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type Config struct {
|
||||||
|
CSRFSecret string `env:"CSRF_TOKEN"`
|
||||||
|
}
|
||||||
|
|
||||||
type Handlers struct {
|
type Handlers struct {
|
||||||
*app.App
|
*app.App
|
||||||
session *scs.Session
|
session *scs.Session
|
||||||
|
Config *Config
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewHandlers(app *app.App) *Handlers {
|
func NewHandlers(app *app.App) *Handlers {
|
||||||
|
@ -34,8 +39,12 @@ func (h *Handlers) commonRenderContext(r *http.Request) map[string]interface{} {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *Handlers) CSRF() func(http.Handler) http.Handler {
|
func (h *Handlers) CSRF() func(http.Handler) http.Handler {
|
||||||
|
if h.Config.CSRFSecret == "" {
|
||||||
|
// TODO FIXME: generate random
|
||||||
|
h.Config.CSRFSecret = "12345678901234567890123456789012"
|
||||||
|
}
|
||||||
return csrf.Protect(
|
return csrf.Protect(
|
||||||
[]byte("12345678901234567890123456789012"),
|
[]byte(h.Config.CSRFSecret),
|
||||||
csrf.FieldName("authenticity_token"),
|
csrf.FieldName("authenticity_token"),
|
||||||
csrf.Secure(h.session.Cookie.Secure),
|
csrf.Secure(h.session.Cookie.Secure),
|
||||||
)
|
)
|
||||||
|
|
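Review bot: The empty-secret fallback in `CSRF()` still installs the hard-coded key `"12345678901234567890123456789012"`, so any deployment that leaves `CSRF_TOKEN` unset authenticates its CSRF cookies with a value published in the repository, and nothing is logged to show that the protection has degraded. Fail closed instead of defaulting, e.g. `if len(h.Config.CSRFSecret) != 32 { log.Fatal("CSRF_TOKEN must be set to a 32-byte secret") }`, which also adds the missing length check (gorilla/csrf documents a 32-byte authentication key). If a generated default is preferred, draw it from `crypto/rand` once at startup rather than inside this method, and document that tokens then do not survive a restart or validate across several instances. `h.Config` is dereferenced here without a nil check; the body of `NewHandlers` lies outside the visible hunks, so whether it always sets `Config` cannot be confirmed from this page.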