Rewiring CSRF protection and movign some functionality to the bootstrapping stage.

handlers/session/auth.go

@@ -0,0 +1,32 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/gorilla/securecookie"
+)
+
+var (
+	authKey    []byte
+	encryptKey []byte
+)
+
+func SecureCookie(w http.ResponseWriter, name, value string, isProduction bool) error {
+	s := securecookie.New(authKey, encryptKey)
+
+	encoded, err := s.Encode(name, value)
+	if err != nil {
+		return err
+	}
+
+	http.SetCookie(w, &http.Cookie{
+		Name:     name,
+		Value:    encoded,
+		Path:     "/",
+		HttpOnly: true,
+		Secure:   isProduction,
+		SameSite: http.SameSiteStrictMode,
+	})
+
+	return nil
+}