41 lines
746 B
Go
41 lines
746 B
Go
/*
|
|
* SPDX-FileCopyrightText: 2023 jordi fita mas <jfita@peritasoft.com>
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package auth
|
|
|
|
import (
|
|
"errors"
|
|
"net/http"
|
|
|
|
"golang.org/x/text/language"
|
|
|
|
"dev.tandem.ws/tandem/camper/pkg/locale"
|
|
)
|
|
|
|
const (
|
|
CSRFTokenField = "csrf_token"
|
|
CSRFTokenHeader = "X-CSRFToken"
|
|
)
|
|
|
|
type User struct {
|
|
Email string
|
|
LoggedIn bool
|
|
Role string
|
|
Language language.Tag
|
|
CSRFToken string
|
|
Locale *locale.Locale
|
|
}
|
|
|
|
func (user *User) VerifyCSRFToken(r *http.Request) error {
|
|
token := r.Header.Get(CSRFTokenHeader)
|
|
if token == "" {
|
|
token = r.FormValue(CSRFTokenField)
|
|
}
|
|
if user.CSRFToken == token {
|
|
return nil
|
|
}
|
|
return errors.New(user.Locale.Gettext("Cross-site request forgery detected."))
|
|
}
|