feat: update csrf toml

2025-04-10 04:38:56 +07:00 · 2025-04-10 04:38:56 +07:00 · d46c9d6595
parent 9f1e0e170f
commit d46c9d6595
4 changed files with 23 additions and 14 deletions
--- a/app/middleware/csrf.middleware.go
+++ b/app/middleware/csrf.middleware.go
@ -4,7 +4,6 @@ import (
 	"fmt"
 	"go-humas-be/app/database/entity"
 	"gorm.io/gorm"
-	"log"
 	"time"
 )

@ -13,18 +12,18 @@ type PostgresStorage struct {
 }

 func (s *PostgresStorage) Get(key string) ([]byte, error) {
-	log.Printf("CSRF Storage: Get token %s", key)
+	//log.Printf("CSRF Storage: Get token %s", key)

 	var record entity.CsrfTokenRecords
 	result := s.DB.Where("token = ?", key).First(&record)

 	if result.Error != nil {
-		log.Printf("CSRF Storage Get error: %v for token: %s", result.Error, key)
+		//log.Printf("CSRF Storage Get error: %v for token: %s", result.Error, key)
 		return nil, result.Error
 	}

 	if record.ExpireAt.Before(time.Now()) {
-		log.Printf("CSRF token %s is expired", key)
+		//log.Printf("CSRF token %s is expired", key)
 		return nil, fmt.Errorf("CSRF token is expired")
 	}

@ -32,7 +31,7 @@ func (s *PostgresStorage) Get(key string) ([]byte, error) {
 }

 func (s *PostgresStorage) Set(key string, value []byte, exp time.Duration) error {
-	log.Printf("CSRF Storage: Setting token %s with expiration %v", key, exp)
+	//log.Printf("CSRF Storage: Setting token %s with expiration %v", key, exp)

 	// Calculate expiration time
 	expireAt := time.Now().Add(exp)
@ -54,15 +53,15 @@ func (s *PostgresStorage) Set(key string, value []byte, exp time.Duration) error
 		}

 		if err := s.DB.Create(&record).Error; err != nil {
-			log.Printf("CSRF Storage: Error saving token: %v", err)
+			//log.Printf("CSRF Storage: Error saving token: %v", err)
 			return err
 		}
 	} else if result.Error != nil {
-		log.Printf("CSRF Storage: Error updating token: %v", result.Error)
+		//log.Printf("CSRF Storage: Error updating token: %v", result.Error)
 		return result.Error
 	}

-	log.Printf("CSRF Storage: Successfully saved/updated token")
+	//log.Printf("CSRF Storage: Successfully saved/updated token")
 	return nil
 }

--- a/app/middleware/register.middleware.go
+++ b/app/middleware/register.middleware.go
@ -103,11 +103,11 @@ func (m *Middleware) Register(db *database.Database) {
 	m.App.Use(csrf.New(csrf.Config{
 		Next:              utilsSvc.IsEnabled(m.Cfg.Middleware.Csrf.Enable),
 		KeyLookup:         "header:" + csrf.HeaderName,
-		CookieName:        "csrf_",
-		CookieSameSite:    "Lax",
-		CookieSecure:      false,
-		CookieSessionOnly: true,
-		CookieHTTPOnly:    true,
+		CookieName:        m.Cfg.Middleware.Csrf.CookieName,
+		CookieSameSite:    m.Cfg.Middleware.Csrf.CookieSameSite,
+		CookieSecure:      m.Cfg.Middleware.Csrf.CookieSecure,
+		CookieSessionOnly: m.Cfg.Middleware.Csrf.CookieSessionOnly,
+		CookieHTTPOnly:    m.Cfg.Middleware.Csrf.CookieHttpOnly,
 		Expiration:        1 * time.Hour,
 		KeyGenerator:      utils.UUIDv4,
 		ContextKey:        "csrf",
--- a/config/config/index.config.go
+++ b/config/config/index.config.go
@ -75,6 +75,11 @@ type middleware = struct {

 	Csrf struct {
 		Enable            bool
+		CookieName        string `toml:"cookie-name"`
+		CookieSameSite    string `toml:"cookie-same-site"`
+		CookieSecure      bool   `toml:"cookie-secure"`
+		CookieSessionOnly bool   `toml:"cookie-session-only"`
+		CookieHttpOnly    bool   `toml:"cookie-http-only"`
 	}

 	AuditTrails struct {
--- a/config/toml/config.toml
+++ b/config/toml/config.toml
@ -55,6 +55,11 @@ expiration_seconds = 60

 [middleware.csrf]
 enable = true
+cookie-name = "csrf_"
+cookie-same-site = "Lax"
+cookie-secure = false
+cookie-session-only = true
+cookie-http-only = true

 [middleware.audittrails]
 enable = true