feat: update middleware for csrf checking

2025-11-05 09:28:21 +07:00 · 2025-11-05 09:28:21 +07:00 · 38a72b74c6
parent b3bfb2bc3d
commit 38a72b74c6
1 changed files with 51 additions and 49 deletions
--- a/app/middleware/register.middleware.go
+++ b/app/middleware/register.middleware.go
@ -70,6 +70,8 @@ func (m *Middleware) Register(db *database.Database) {
 	// CSRF CONFIG
 	//===============================

+	// Only setup CSRF middleware if enabled
+	if m.Cfg.Middleware.Csrf.Enable {
 		// Custom storage for CSRF
 		csrfSessionStorage := &PostgresStorage{
 			DB: db.DB,
@ -106,7 +108,6 @@ func (m *Middleware) Register(db *database.Database) {
 		}()

 		m.App.Use(csrf.New(csrf.Config{
-		Next:              utilsSvc.IsEnabled(m.Cfg.Middleware.Csrf.Enable),
 			KeyLookup:         "header:" + csrf.HeaderName,
 			CookieName:        m.Cfg.Middleware.Csrf.CookieName,
 			CookieSameSite:    m.Cfg.Middleware.Csrf.CookieSameSite,
@ -123,6 +124,7 @@ func (m *Middleware) Register(db *database.Database) {
 			Session:    store,
 			SessionKey: "fiber.csrf.token",
 		}))
+	}

 	//===============================
 	m.App.Use(AuditTrailsMiddleware(db.DB))
@ -141,7 +143,7 @@ func (m *Middleware) Register(db *database.Database) {
 		Next: utilsSvc.IsEnabled(m.Cfg.Middleware.Monitor.Enable),
 	}))

-	// Route for generate CSRF token
+	// Route for generate CSRF token (only available if CSRF is enabled)
 	m.App.Get("/csrf-token", func(c *fiber.Ctx) error {
 		// Retrieve CSRF token from Fiber's middleware context
 		token, ok := c.Locals("csrf").(string)