From 21f3a3d000a5ef1a372e0cca121bec43a17709eb Mon Sep 17 00:00:00 2001
From: strNophix
Date: Fri, 30 Sep 2022 16:35:04 +0200
Subject: [PATCH] Added CSRF middleware
---
 pkg/app/app.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/pkg/app/app.go b/pkg/app/app.go
index dba575b..3b8fc97 100644
--- a/pkg/app/app.go
+++ b/pkg/app/app.go
@@ -10,10 +10,10 @@ import (
 "github.com/gofiber/fiber/v2"
 "github.com/gofiber/fiber/v2/middleware/cors"
+ "github.com/gofiber/fiber/v2/middleware/csrf"
 "github.com/gofiber/fiber/v2/middleware/logger"
 )
-/*Init : set the port,cors,api and then serve the api*/
 func Init() {
 app := fiber.New(fiber.Config{
 ErrorHandler: func(ctx *fiber.Ctx, err error) error {
@@ -33,6 +33,10 @@ func Init() {
 AllowCredentials: true,
 }))
 app.Use(logger.New())
+ app.Use(csrf.New(csrf.Config{
+ CookieHTTPOnly: true,
+ CookieSameSite: "strict",
+ }))
 api := app.Group("/api")
 v1 := api.Group("/v1")
@@ -46,7 +50,7 @@ func Init() {
 return c.SendString("This is a protected route!")
 })
- // Serve SPA
+ // Serve React frontend
 app.Static("/", "./dist")
 app.Get("/*", func(ctx *fiber.Ctx) error {
 return ctx.SendFile("./dist/index.html")
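Review bot: The exported `Init` loses its only doc comment in the first hunk and nothing replaces it, so the function is now undocumented just as it gains security-relevant middleware. A Go-style comment would restore it, for example `// Init builds the Fiber app, installs the CORS, logger and CSRF middleware, registers the /api/v1 routes and serves the frontend from ./dist.` Init's body continues outside the hunk, so the wording should be checked against the parts not shown.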
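Review bot: The `csrf.Config` added in the second hunk sets `CookieHTTPOnly: true` but leaves `KeyLookup` and `ContextKey` unset, so by default the middleware expects the token in the `X-Csrf-Token` request header while frontend script cannot read it from the cookie and handlers cannot read it from `c.Locals`. Unless the token reaches the client by a path not visible in this patch, state-changing requests from the frontend would be rejected. Adding `ContextKey: "csrf",` and returning that value from a GET endpoint would give the client a way to obtain it. The cookie is also created without `CookieSecure: true,`, which should be set wherever the app is served over HTTPS so the token is never sent over plain HTTP. Init's body starts and ends outside this hunk, so the CORS origin settings that interact with `AllowCredentials: true` could not be checked here.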