From 78e8f597ff28f1b8406f5cfbf934adc22abdf85b Mon Sep 17 00:00:00 2001
From: Peter Stone <thepeterstone@gmail.com>
Date: Tue, 20 Jan 2026 15:18:57 -1000
Subject: Add CSRF protection and auth unit tests

Add CSRF token middleware for state-changing request protection,
integrate tokens into templates and HTMX headers, and add unit
tests for authentication service and handlers.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 internal/handlers/handlers.go | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'internal/handlers/handlers.go')

diff --git a/internal/handlers/handlers.go b/internal/handlers/handlers.go
index 7bb84b9..d52e786 100644
--- a/internal/handlers/handlers.go
+++ b/internal/handlers/handlers.go
@@ -14,6 +14,7 @@ import (
 	"time"
 
 	"task-dashboard/internal/api"
+	"task-dashboard/internal/auth"
 	"task-dashboard/internal/config"
 	"task-dashboard/internal/models"
 	"task-dashboard/internal/store"
@@ -81,9 +82,11 @@ func (h *Handler) HandleDashboard(w http.ResponseWriter, r *http.Request) {
 	data := struct {
 		*models.DashboardData
 		ActiveTab string
+		CSRFToken string
 	}{
 		DashboardData: dashboardData,
 		ActiveTab:     tab,
+		CSRFToken:     auth.GetCSRFTokenFromContext(ctx),
 	}
 
 	if err := h.templates.ExecuteTemplate(w, "index.html", data); err != nil {
-- 
cgit v1.2.3