Make CSRF customizable
parent
ac5f74988f
commit
8dbdc9500f
1 changed files with 10 additions and 1 deletions
|
@ -8,9 +8,14 @@ import (
|
|||
"github.com/gorilla/csrf"
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
CSRFSecret string `env:"CSRF_TOKEN"`
|
||||
}
|
||||
|
||||
type Handlers struct {
|
||||
*app.App
|
||||
session *scs.Session
|
||||
Config *Config
|
||||
}
|
||||
|
||||
func NewHandlers(app *app.App) *Handlers {
|
||||
|
@ -34,8 +39,12 @@ func (h *Handlers) commonRenderContext(r *http.Request) map[string]interface{} {
|
|||
}
|
||||
|
||||
func (h *Handlers) CSRF() func(http.Handler) http.Handler {
|
||||
if h.Config.CSRFSecret == "" {
|
||||
// TODO FIXME: generate random
|
||||
h.Config.CSRFSecret = "12345678901234567890123456789012"
|
||||
}
|
||||
return csrf.Protect(
|
||||
[]byte("12345678901234567890123456789012"),
|
||||
[]byte(h.Config.CSRFSecret),
|
||||
csrf.FieldName("authenticity_token"),
|
||||
csrf.Secure(h.session.Cookie.Secure),
|
||||
)
|
||||
|
|
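Review bot: The fallback in `CSRF()` still assigns the literal `"12345678901234567890123456789012"` when `CSRF_TOKEN` is unset, so any deployment without that variable signs its CSRF tokens with a key that is published in the repository, and the protection can no longer be relied on. The `TODO FIXME: generate random` comment should be resolved in this commit, either by refusing to start without a configured key or by drawing 32 bytes from `crypto/rand` as sketched below (this needs the `crypto/rand` import, which is outside the hunk). A per-process random key invalidates outstanding tokens on restart and does not work across several instances, so the configured key should remain the documented path. It would also help to check that a configured value has the 32-byte length gorilla/csrf asks for, and to avoid mutating `h.Config` from inside the middleware constructor. The closing lines of `CSRF()` are outside the hunk.

```go
func (h *Handlers) CSRF() func(http.Handler) http.Handler {
	key := []byte(h.Config.CSRFSecret)
	if len(key) == 0 {
		// No key configured: use a per-process random key rather than a
		// constant that is visible in the source tree.
		key = make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			panic("csrf: cannot generate key: " + err.Error())
		}
	}
	return csrf.Protect(
		key,
		// … unchanged: csrf.FieldName and csrf.Secure options …
```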