Make CSRF customizable

paul 2019-08-22 00:49:23 +02:00
parent ac5f74988f
commit 8dbdc9500f


@ -8,9 +8,14 @@ import (
"github.com/gorilla/csrf"
)
type Config struct {
CSRFSecret string `env:"CSRF_TOKEN"`
}
type Handlers struct {
*app.App
session *scs.Session
Config *Config
}
func NewHandlers(app *app.App) *Handlers {
@ -34,8 +39,12 @@ func (h *Handlers) commonRenderContext(r *http.Request) map[string]interface{} {
}
func (h *Handlers) CSRF() func(http.Handler) http.Handler {
if h.Config.CSRFSecret == "" {
// TODO FIXME: generate random
h.Config.CSRFSecret = "12345678901234567890123456789012"
}
return csrf.Protect(
[]byte("12345678901234567890123456789012"),
[]byte(h.Config.CSRFSecret),
csrf.FieldName("authenticity_token"),
csrf.Secure(h.session.Cookie.Secure),
)
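Review bot: When `CSRFSecret` is empty, `CSRF()` falls back to the constant `"12345678901234567890123456789012"`. Every deployment that leaves the environment variable unset therefore signs its CSRF tokens with a key that is readable in the repository, and nothing tells the operator that this happened. Per the TODO, the fallback should be a random key from `crypto/rand` (which needs an import outside this hunk), as sketched below. A per-process key invalidates outstanding tokens on restart and does not work across several instances, so a logged warning or a startup failure may be the better default. Two smaller points: `h.Config` is dereferenced without a nil check, and `NewHandlers` is not visible here to confirm that it sets the field. The tag `env:"CSRF_TOKEN"` also names a token where the value is the signing key, which gorilla/csrf documents as 32 bytes. The function's closing brace lies outside the hunk.

```go
func (h *Handlers) CSRF() func(http.Handler) http.Handler {
	key := []byte(h.Config.CSRFSecret)
	if len(key) == 0 {
		// No secret configured: use a per-process random key, never a constant.
		key = make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			panic("csrf: cannot generate key: " + err.Error())
		}
	}
	return csrf.Protect(
		key,
		// … unchanged: FieldName and Secure options …
	)
```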