31 lines
763 B
Go
31 lines
763 B
Go
package middleware
|
|
|
|
import (
|
|
"github.com/labstack/echo/v4"
|
|
echoMiddleware "github.com/labstack/echo/v4/middleware"
|
|
"net/http"
|
|
)
|
|
|
|
func Secure() echo.MiddlewareFunc {
|
|
// logger := e.Logger.Desugar()
|
|
// debug := e.DebugMode
|
|
|
|
// cfg := echomiddleware.SecureConfig{}
|
|
cfg := echoMiddleware.DefaultSecureConfig
|
|
return echoMiddleware.SecureWithConfig(cfg)
|
|
}
|
|
|
|
func CSRF() echo.MiddlewareFunc {
|
|
// we skip requests where cookie authentication was not used,
|
|
// as these are api requests - not from the browser
|
|
cfg := echoMiddleware.CSRFConfig{
|
|
CookieName: "_csrf",
|
|
CookiePath: "/",
|
|
CookieSameSite: http.SameSiteStrictMode,
|
|
Skipper: func(c echo.Context) bool {
|
|
return !CheckCookieAuthUsed(c)
|
|
},
|
|
}
|
|
return echoMiddleware.CSRFWithConfig(cfg)
|
|
}
|