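/*
 * SPDX-FileCopyrightText: 2023 jordi fita mas
 * SPDX-License-Identifier: AGPL-3.0-only
 */

package auth

import (
	"crypto/subtle"
	"errors"
	"net/http"

	"golang.org/x/text/language"

	"dev.tandem.ws/tandem/camper/pkg/locale"
)

const (
	// CSRFTokenField is the form field that VerifyCSRFToken falls back to
	// when the request carries no CSRFTokenHeader value.
	CSRFTokenField = "csrf_token"
	// CSRFTokenHeader is the request header that VerifyCSRFToken reads first.
	CSRFTokenHeader = "X-CSRFToken"
)

// User holds the account data of the requester, together with the CSRF token
// that VerifyCSRFToken expects requests to present.
type User struct {
	ID       int
	Email    string
	LoggedIn bool
	Role     string
	Language language.Tag
	// CSRFToken is the expected token; VerifyCSRFToken compares the value
	// submitted with the request against it.
	CSRFToken string
	// Locale supplies the translation of the error message returned by
	// VerifyCSRFToken.
	Locale *locale.Locale
}

// VerifyCSRFToken checks that the request r presents the user's CSRF token.
//
// The token is read from the CSRFTokenHeader header; when that header is
// absent or empty, the CSRFTokenField form value is used instead. It returns
// nil when the submitted token equals user.CSRFToken, and otherwise an error
// whose message is translated with user.Locale.
func (user *User) VerifyCSRFToken(r *http.Request) error {
	submitted := r.Header.Get(CSRFTokenHeader)
	if submitted == "" {
		// FormValue parses the request body and the URL query string, so a
		// token sent as a query parameter is accepted here as well.
		// NOTE(review): tokens in URLs tend to end up in logs and Referer
		// headers; confirm that no form submits the token through the query.
		submitted = r.FormValue(CSRFTokenField)
	}

	// Compare in constant time so that the response timing does not reveal how
	// many leading bytes of a guessed token are correct. ConstantTimeCompare
	// returns 0 straight away when the lengths differ, which only discloses
	// the token length.
	//
	// NOTE(review): when user.CSRFToken is empty, a request without any token
	// still passes, exactly as it did with the previous == comparison. Confirm
	// that every User reaching this method has a non-empty token, or reject
	// the empty case here.
	if subtle.ConstantTimeCompare([]byte(user.CSRFToken), []byte(submitted)) == 1 {
		return nil
	}
	return errors.New(user.Locale.Gettext("Cross-site request forgery detected."))
}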