wiki-cafe/member-console
0
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Activity

Refactor CORS and CSRF middleware to use options directly and remove default config functions

Browse Source
This commit is contained in:
Christian Galo
2025-04-29 03:19:47 -05:00
parent 7dbde25bcf
commit 1581fbca4b
3 changed files with 19 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
internal/middleware/csrf.go
View File

@ -43,16 +43,6 @@ type CSRFConfig struct {
Ignore []func(r *http.Request) bool
}
// DefaultCSRFConfig returns a minimal configuration for CSRF middleware
// It only sets values that must be provided, allowing the CSRF package
// to use its own defaults for everything else.
func DefaultCSRFConfig() CSRFConfig {
return CSRFConfig{
Secret: nil, // Must be set by the application
Ignore: []func(r *http.Request) bool{},
}
}
// CSRF middleware provides Cross-Site Request Forgery protection
func CSRF(config CSRFConfig) Middleware {
// Only set options that are explicitly configured
@ -105,10 +95,12 @@ func CSRF(config CSRFConfig) Middleware {
if r.URL.Path == config.Path || (len(r.URL.Path) >= len(config.Path) &&
r.URL.Path[:len(config.Path)] == config.Path) {
// Check if the request should be ignored
for _, ignoreFunc := range config.Ignore {
if ignoreFunc(r) {
next.ServeHTTP(w, r)
return
if config.Ignore != nil {
for _, ignoreFunc := range config.Ignore {
if ignoreFunc(r) {
next.ServeHTTP(w, r)
return
}
}
}
csrfHandler(next).ServeHTTP(w, r)