Added ErrorHandler and ErrorHandlerWithContext in CSRF middleware (#2257)

mojixcoder · web-flow · commit d77e8c09b21b · 2022-09-01T10:51:55.000+03:00
* feat: add error handler to csrf middleware

Co-authored-by: Mojtaba Arezoomand &lt;mojtaba.arezoomand@snapp.cab&gt;
diff --git a/middleware/csrf.go b/middleware/csrf.go
@@ -61,7 +61,13 @@ type (
 		// Indicates SameSite mode of the CSRF cookie.
 		// Optional. Default value SameSiteDefaultMode.
 		CookieSameSite http.SameSite `yaml:"cookie_same_site"`
+
+		// ErrorHandler defines a function which is executed for returning custom errors.
+		ErrorHandler CSRFErrorHandler
 	}
+
+	// CSRFErrorHandler is a function which is executed for creating custom errors.
+	CSRFErrorHandler func(err error, c echo.Context) error
 )
 
 // ErrCSRFInvalid is returned when CSRF check fails
@@ -154,8 +160,9 @@ func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc {
 						lastTokenErr = ErrCSRFInvalid
 					}
 				}
+				var finalErr error
 				if lastTokenErr != nil {
-					return lastTokenErr
+					finalErr = lastTokenErr
 				} else if lastExtractorErr != nil {
 					// ugly part to preserve backwards compatible errors. someone could rely on them
 					if lastExtractorErr == errQueryExtractorValueMissing {
@@ -167,7 +174,14 @@ func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc {
 					} else {
 						lastExtractorErr = echo.NewHTTPError(http.StatusBadRequest, lastExtractorErr.Error())
 					}
-					return lastExtractorErr
+					finalErr = lastExtractorErr
+				}
+
+				if finalErr != nil {
+					if config.ErrorHandler != nil {
+						return config.ErrorHandler(finalErr, c)
+					}
+					return finalErr
 				}
 			}
 
diff --git a/middleware/csrf_test.go b/middleware/csrf_test.go
@@ -358,3 +358,25 @@ func TestCSRFConfig_skipper(t *testing.T) {
 		})
 	}
 }
+
+func TestCSRFErrorHandling(t *testing.T) {
+	cfg := CSRFConfig{
+		ErrorHandler: func(err error, c echo.Context) error {
+			return echo.NewHTTPError(http.StatusTeapot, "error_handler_executed")
+		},
+	}
+
+	e := echo.New()
+	e.POST("/", func(c echo.Context) error {
+		return c.String(http.StatusNotImplemented, "should not end up here")
+	})
+
+	e.Use(CSRFWithConfig(cfg))
+
+	req := httptest.NewRequest(http.MethodPost, "/", nil)
+	res := httptest.NewRecorder()
+	e.ServeHTTP(res, req)
+
+	assert.Equal(t, http.StatusTeapot, res.Code)
+	assert.Equal(t, "{\"message\":\"error_handler_executed\"}\n", res.Body.String())
+}

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,13 @@ type (`
`61`	`61`	`// Indicates SameSite mode of the CSRF cookie.`
`62`	`62`	`// Optional. Default value SameSiteDefaultMode.`
`63`	`63`	CookieSameSite http.SameSite `yaml:"cookie_same_site"`
	`64`	`+`
	`65`	`+ // ErrorHandler defines a function which is executed for returning custom errors.`
	`66`	`+ ErrorHandler CSRFErrorHandler`
`64`	`67`	`}`
	`68`	`+`
	`69`	`+ // CSRFErrorHandler is a function which is executed for creating custom errors.`
	`70`	`+ CSRFErrorHandler func(err error, c echo.Context) error`
`65`	`71`	`)`
`66`	`72`
`67`	`73`	`// ErrCSRFInvalid is returned when CSRF check fails`
`@@ -154,8 +160,9 @@ func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc {`
`154`	`160`	`lastTokenErr = ErrCSRFInvalid`
`155`	`161`	`}`
`156`	`162`	`}`
	`163`	`+ var finalErr error`
`157`	`164`	`if lastTokenErr != nil {`
`158`		`- return lastTokenErr`
	`165`	`+ finalErr = lastTokenErr`
`159`	`166`	`} else if lastExtractorErr != nil {`
`160`	`167`	`// ugly part to preserve backwards compatible errors. someone could rely on them`
`161`	`168`	`if lastExtractorErr == errQueryExtractorValueMissing {`
`@@ -167,7 +174,14 @@ func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc {`
`167`	`174`	`} else {`
`168`	`175`	`lastExtractorErr = echo.NewHTTPError(http.StatusBadRequest, lastExtractorErr.Error())`
`169`	`176`	`}`
`170`		`- return lastExtractorErr`
	`177`	`+ finalErr = lastExtractorErr`
	`178`	`+ }`
	`179`	`+`
	`180`	`+ if finalErr != nil {`
	`181`	`+ if config.ErrorHandler != nil {`
	`182`	`+ return config.ErrorHandler(finalErr, c)`
	`183`	`+ }`
	`184`	`+ return finalErr`
`171`	`185`	`}`
`172`	`186`	`}`
`173`	`187`