From c715d75edfa60329267755242bde88c17a99af26 Mon Sep 17 00:00:00 2001
From: Jason McNeil
Date: Tue, 28 May 2024 16:37:02 -0300
Subject: [PATCH] fix(csrf-with-session): fix order for csrfMiddleware
---
 .gitignore | 3 ++-
 csrf-with-session/main.go | 16 ++++++++--------
 2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/.gitignore b/.gitignore
index 8d4488eb34..05b2359100 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,6 +32,7 @@ go.work
 # Ignore main binaries
 **/main
-csrf-with-session/__debug_bin1210231247
+
+# Ignore certificates in csrf-with-session example
 csrf-with-session/cert.pem
 csrf-with-session/key.pem
diff --git a/csrf-with-session/main.go b/csrf-with-session/main.go
index f8bbf20ac9..98239a4444 100644
--- a/csrf-with-session/main.go
+++ b/csrf-with-session/main.go
@@ -142,17 +142,17 @@ func main() {
 })
 // Route for the login page
- app.Get("/login", csrfMiddleware, func(c fiber.Ctx) error {
+ app.Get("/login", func(c fiber.Ctx) error {
 csrfToken := csrf.TokenFromContext(c)
 return c.Render("login", fiber.Map{
 "Title": "Login",
 "csrf": csrfToken,
 })
- })
+ }, csrfMiddleware)
 // Route for processing the login
- app.Post("/login", csrfMiddleware, func(c fiber.Ctx) error {
+ app.Post("/login", func(c fiber.Ctx) error {
 // Retrieve the submitted form data
 username := c.FormValue("username")
 password := c.FormValue("password")
@@ -192,7 +192,7 @@ func main() {
 // Redirect to the protected route
 return c.Redirect().To("/protected")
- })
+ }, csrfMiddleware)
 // Route for logging out
 app.Get("/logout", func(c fiber.Ctx) error {
@@ -212,7 +212,7 @@ func main() {
 })
 // Route for the protected content
- app.Get("/protected", csrfMiddleware, func(c fiber.Ctx) error {
+ app.Get("/protected", func(c fiber.Ctx) error {
 // Check if the user is logged in
 session, err := store.Get(c)
 if err != nil {
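Review bot: The reordered registrations read as if csrfMiddleware runs after the handler, and nothing at `app.Get("/login", …)` tells the reader otherwise. The handler calls `csrf.TokenFromContext(c)`, so it depends on the middleware having already run; with the arguments now in handler-then-middleware position that is presumably what the router does, but anyone used to the middleware-first order will take the trailing argument for a post-handler hook. I would add a comment above the first route, `// csrfMiddleware sits in the trailing middleware slot: it runs before the handler and sets the token read by csrf.TokenFromContext.`, which also covers the same pattern in the POST /login, GET /protected and POST /protected hunks. Since the previous order apparently left these routes without an effective token check, a test that posts to /login without a token and expects a rejection would keep the ordering from regressing. The POST /login handler body continues outside this hunk.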
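Review bot: `/logout` is still registered with `app.Get` and no csrfMiddleware, so it is the one state-changing route this commit leaves outside the CSRF check. A GET that ends a session can be triggered by any cross-site request, and the CSRF middleware skips token validation on safe methods, so attaching it to the GET route as-is would not help. Consider registering it as `app.Post("/logout", func(c fiber.Ctx) error { … }, csrfMiddleware)` and submitting it from a form that carries the token. The handler body is outside this hunk, so that it ends the session is inferred from the route comment.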
@@ -231,10 +231,10 @@ func main() {
 "Title": "Protected",
 "csrf": csrfToken,
 })
- })
+ }, csrfMiddleware)
 // Route for processing the protected form
- app.Post("/protected", csrfMiddleware, func(c fiber.Ctx) error {
+ app.Post("/protected", func(c fiber.Ctx) error {
 // Check if the user is logged in
 session, err := store.Get(c)
 if err != nil {
@@ -257,7 +257,7 @@ func main() {
 "csrf": csrfToken,
 "message": message,
 })
- })
+ }, csrfMiddleware)
 certFile := "cert.pem"
 keyFile := "key.pem"