Add CSRF middleware implementation and update go.mod/go.sum for dependencies

2025-04-28 20:26:17 -05:00
parent b0a8ec88b3
commit 8cf7841f20
4 changed files with 219 additions and 22 deletions
--- a/internal/middleware/security.go
+++ b/internal/middleware/security.go
@ -2,8 +2,6 @@ package middleware

 import (
 	"net/http"
-
-	"github.com/gorilla/sessions"
 )

 // SecurityHeaders adds security and cache-control headers to all responses
@ -54,25 +52,6 @@ func SecureHeaders() Middleware {
 	}
 }

-// middleware/csrf.go
-func CSRFMiddleware(store sessions.Store) Middleware {
-	return func(next http.Handler) http.Handler {
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			if r.Method == "POST" {
-				session, _ := store.Get(r, "auth-session")
-				csrfToken := session.Values["csrf_token"].(string)
-				formToken := r.FormValue("_csrf")
-
-				if csrfToken != formToken {
-					http.Error(w, "Invalid CSRF token", http.StatusForbidden)
-					return
-				}
-			}
-			next.ServeHTTP(w, r)
-		})
-	}
-}
-
 // MaxBodySize limits the maximum size of request bodies
 // size parameter is in bytes
 func MaxBodySize(maxSize int64) Middleware {