rework to lighten the main, refactor wrappers. Rehandle csrf and pull config items.

main.go

@@ -3,17 +3,17 @@ package main
 import (
 	"log"
 	"net/http"
+
+	securityhandlers "synlotto-website/handlers/security"
+
 	"synlotto-website/bootstrap"
 	"synlotto-website/config"
 	"synlotto-website/handlers"
-	"synlotto-website/helpers"
 	"synlotto-website/logging"
 	"synlotto-website/middleware"
 	"synlotto-website/models"
 	"synlotto-website/routes"
 	"synlotto-website/storage"
-
-	"github.com/gorilla/csrf"
 )
 
 func main() {
@@ -27,11 +27,10 @@ func main() {
 	db := storage.InitDB("synlotto.db")
 	models.SetDB(db) // Should be in storage not models.
 
-	csrfMiddleware := csrf.Protect(
-		[]byte("abcdefghijklmnopqrstuvwx12345678"), // TodO: Make Global
-		csrf.Secure(true),
-		csrf.Path("/"),
-	)
+	err = securityhandlers.InitCSRFProtection([]byte(appState.Config.CSRF.CSRFKey), appState.Config.HttpServer.ProductionMode)
+	if err != nil {
+		logging.Error("Failed to init CSRF: %v", err)
+	}
 
 	mux := http.NewServeMux()
 	routes.SetupAdminRoutes(mux, db)
@@ -42,7 +41,8 @@ func main() {
 	mux.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("static"))))
 	mux.HandleFunc("/", handlers.Home(db))
 
-	wrapped := helpers.RateLimit(csrfMiddleware(mux))
+	wrapped := securityhandlers.CSRFMiddleware(mux)
+	wrapped = middleware.RateLimit(wrapped)
 	wrapped = middleware.EnforceHTTPS(wrapped, appState.Config.HttpServer.ProductionMode)
 	wrapped = middleware.SecureHeaders(wrapped)
 	wrapped = middleware.Recover(wrapped)