dev day #89

2026-06-04 18:52:56 +00:00 · 2025-11-11 10:29:30 +01:00
parent d5b4faea61
commit 8762bde4bf
139 changed files with 7240 additions and 2870 deletions
@@ -7,6 +7,7 @@ import (
 	"sync"
 	"time"

+	"fotbal-club/internal/config"
 	"github.com/gin-gonic/gin"
 )

@@ -64,6 +65,14 @@ func CSRFProtection() gin.HandlerFunc {
 			return
 		}

+		// Dev-only: skip CSRF when using X-Admin-Token (remote admin tools)
+		if config.AppConfig != nil && config.AppConfig.AppEnv != "production" {
+			if token := c.GetHeader("X-Admin-Token"); token != "" && token == config.AppConfig.AdminAccessToken {
+				c.Next()
+				return
+			}
+		}
+
 		// Get token from header or form
 		token := c.GetHeader("X-CSRF-Token")
 		if token == "" {