
fix: create csrf token with session
katallaxie authored Jun 27, 2024
1 parent d5346f0 commit 6bbb515
Showing 2 changed files with 11 additions and 2 deletions.
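--- a/adapters/adapter.go
+++ b/adapters/adapter.go
@@ -16,6 +16,7 @@ func init() {
 gob.Register(&GothSession{})
 gob.Register(&GothTeam{})
 gob.Register(&GothVerificationToken{})
+gob.Register(&GothCsrfToken{})
 }
 
 // CsrfTokenGenerator is a function that generates a CSRF token.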
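--- a/adapters/gorm/gorm.go
+++ b/adapters/gorm/gorm.go
@@ -85,8 +85,16 @@ func (a *gormAdapter) GetUser(ctx context.Context, id uuid.UUID) (adapters.GothU
 
 // CreateSession is a helper function to create a new session.
 func (a *gormAdapter) CreateSession(ctx context.Context, userID uuid.UUID, expires time.Time) (adapters.GothSession, error) {
-session := adapters.GothSession{UserID: userID, SessionToken: uuid.NewString(), ExpiresAt: expires}
-err := a.db.WithContext(ctx).Create(&session).Error
+session := adapters.GothSession{
+UserID: userID,
+SessionToken: uuid.NewString(),
+ExpiresAt: expires,
+CsrfToken: adapters.GothCsrfToken{
+Token: uuid.NewString(), // creates a token that is used to prevent CSRF attacks
+ExpiresAt: time.Now().Add(24 * time.Hour),
+},
+}
+err := a.db.Session(&gorm.Session{FullSaveAssociations: true}).WithContext(ctx).Create(&session).Error
 if err != nil {
 return adapters.GothSession{}, goth.ErrBadSession
 }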
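Review bot: The CSRF token's lifetime is hard-coded in the new struct literal (`ExpiresAt: time.Now().Add(24 * time.Hour)`) and ignores the `expires` argument that bounds the session, so a session created with a longer lifetime outlives its token and one with a shorter lifetime leaves a token that is still marked valid. Unless tokens are rotated elsewhere (not visible here), tie the two together with `ExpiresAt: expires,` or take the earlier of the two times. The token value also comes straight from `uuid.NewString()` although adapters/adapter.go documents a `CsrfTokenGenerator` type; if that hook is meant to be configurable, this path presumably bypasses it, which deserves a comment. The error branch still returns only `goth.ErrBadSession`, so a failure while saving the new `CsrfToken` association cannot be told apart from a failed session insert. CreateSession's body continues past the end of the hunk.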
