feat: adds dropdown to automation form fields

- feat: adds csrf token check
- feat: adds conversation sub and unsub for WS updates.
- Clean up and remove unncessary code
- refactor and simplify auth middlewares
- fix: automation rules
- Update schema.sql

internal/auth/auth.go

@@ -2,6 +2,8 @@ package auth
 
 import (
 	"context"
+	"crypto/rand"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"net/http"
@@ -20,6 +22,10 @@ import (
 	"golang.org/x/oauth2"
 )
 
+const (
+	csrfTokenLength = 20
+)
+
 type OIDCclaim struct {
 	Email         string `json:"email"`
 	EmailVerified bool   `json:"email_verified"`
@@ -162,6 +168,22 @@ func (a *Auth) SaveSession(user models.User, r *fastglue.Request) error {
 	return nil
 }
 
+// SetCSRFCookie sets the CSRF token in the response cookie
+func (a *Auth) SetCSRFCookie(r *fastglue.Request) error {
+	token, err := generateCSRFToken()
+	if err != nil {
+		return err
+	}
+	var csrfCookie fasthttp.Cookie
+	csrfCookie.SetKey("csrf_token")
+	csrfCookie.SetValue(token)
+	csrfCookie.SetPath("/")
+	csrfCookie.SetSecure(true)
+	csrfCookie.SetHTTPOnly(false)
+	r.RequestCtx.Response.Header.SetCookie(&csrfCookie)
+	return nil
+}
+
 // ValidateSession validates session and returns the user.
 func (a *Auth) ValidateSession(r *fastglue.Request) (models.User, error) {
 	sess, err := a.sess.Acquire(r.RequestCtx, r, r)
@@ -206,6 +228,15 @@ func (a *Auth) DestroySession(r *fastglue.Request) error {
 	return nil
 }
 
+// generateCSRFToken creates a random CSRF token
+func generateCSRFToken() (string, error) {
+	b := make([]byte, csrfTokenLength)
+	if _, err := rand.Read(b); err != nil {
+		return "", err
+	}
+	return base64.StdEncoding.EncodeToString(b), nil
+}
+
 // getRequestCookie returns fashttp.Cookie for the given name.
 func getRequestCookie(name string, r *fastglue.Request) (*fasthttp.Cookie, error) {
 	// Cookie value.