aboutsummaryrefslogtreecommitdiff
path: root/server/middleware/token.go
diff options
context:
space:
mode:
Diffstat (limited to 'server/middleware/token.go')
-rw-r--r--server/middleware/token.go81
1 files changed, 0 insertions, 81 deletions
diff --git a/server/middleware/token.go b/server/middleware/token.go
deleted file mode 100644
index e1666f7f..00000000
--- a/server/middleware/token.go
+++ /dev/null
@@ -1,81 +0,0 @@
-// Copyright 2017 Frédéric Guillot. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-package middleware
-
-import (
- "context"
- "net/http"
-
- "github.com/miniflux/miniflux/logger"
- "github.com/miniflux/miniflux/model"
- "github.com/miniflux/miniflux/storage"
-)
-
-// TokenMiddleware represents a token middleware.
-type TokenMiddleware struct {
- store *storage.Storage
-}
-
-// Handler execute the middleware.
-func (t *TokenMiddleware) Handler(next http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- var err error
- token := t.getTokenValueFromCookie(r)
-
- if token == nil {
- logger.Debug("[Middleware:Token] Token not found")
- token, err = t.store.CreateToken()
- if err != nil {
- logger.Error("[Middleware:Token] %v", err)
- http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
- return
- }
-
- cookie := &http.Cookie{
- Name: "tokenID",
- Value: token.ID,
- Path: "/",
- Secure: r.URL.Scheme == "https",
- HttpOnly: true,
- }
-
- http.SetCookie(w, cookie)
- } else {
- logger.Info("[Middleware:Token] %s", token)
- }
-
- isTokenValid := token.Value == r.FormValue("csrf") || token.Value == r.Header.Get("X-Csrf-Token")
-
- if r.Method == "POST" && !isTokenValid {
- logger.Error("[Middleware:CSRF] Invalid or missing CSRF token!")
- w.WriteHeader(http.StatusBadRequest)
- w.Write([]byte("Invalid or missing CSRF token!"))
- } else {
- ctx := r.Context()
- ctx = context.WithValue(ctx, TokenContextKey, token.Value)
- next.ServeHTTP(w, r.WithContext(ctx))
- }
- })
-}
-
-func (t *TokenMiddleware) getTokenValueFromCookie(r *http.Request) *model.Token {
- tokenCookie, err := r.Cookie("tokenID")
- if err == http.ErrNoCookie {
- return nil
- }
-
- token, err := t.store.Token(tokenCookie.Value)
- if err != nil {
- logger.Error("[Middleware:Token] %v", err)
- return nil
- }
-
- return token
-}
-
-// NewTokenMiddleware returns a new TokenMiddleware.
-func NewTokenMiddleware(s *storage.Storage) *TokenMiddleware {
- return &TokenMiddleware{store: s}
-}
generated by cgit v1.2.3 (git 2.46.0) at 2025-08-18 16:57:28 +0000