added CSRF
parent
a06e8db2ff
commit
5c7d92f4f3
10 changed files with 42 additions and 6 deletions
|
@ -7,9 +7,10 @@ import (
|
|||
"git.snrd.de/Spaenny/goddit"
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/go-chi/chi/middleware"
|
||||
"github.com/gorilla/csrf"
|
||||
)
|
||||
|
||||
func NewHandler(store goddit.Store) *Handler {
|
||||
func NewHandler(store goddit.Store, csrfKey []byte) *Handler {
|
||||
h := &Handler{
|
||||
Mux: chi.NewMux(),
|
||||
store: store,
|
||||
|
@ -20,6 +21,7 @@ func NewHandler(store goddit.Store) *Handler {
|
|||
comments := CommentHandler{store: store}
|
||||
|
||||
h.Use(middleware.Logger)
|
||||
h.Use(csrf.Protect(csrfKey, csrf.Secure(false)))
|
||||
|
||||
h.Get("/", h.Home())
|
||||
h.Route("/threads", func(r chi.Router) {
|
||||
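Review bot: `csrf.Secure(false)` is hard-coded in the new `h.Use(csrf.Protect(...))` line, so the CSRF cookie is issued without the Secure attribute in every environment and can travel over plain HTTP. That option is meant for local development; take it from configuration instead, e.g. `h.Use(csrf.Protect(csrfKey, csrf.Secure(secureCookie)))` with the flag supplied by whoever calls `NewHandler`. `NewHandler` also accepts a `csrfKey` of any length, while gorilla/csrf expects a 32-byte key. The caller that loads the key is not visible on this page, so confirm that the length is checked there and that the key is not a constant in the source. The body of `NewHandler` continues outside the hunk.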
|
|
|
@ -7,6 +7,7 @@ import (
|
|||
"git.snrd.de/Spaenny/goddit"
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/google/uuid"
|
||||
"github.com/gorilla/csrf"
|
||||
)
|
||||
|
||||
type PostHandler struct {
|
||||
|
@ -15,6 +16,7 @@ type PostHandler struct {
|
|||
|
||||
func (h *PostHandler) Create() http.HandlerFunc {
|
||||
type data struct {
|
||||
CSRF template.HTML
|
||||
Thread goddit.Thread
|
||||
}
|
||||
tmpl := template.Must(template.ParseFiles("templates/layout.html", "templates/post_create.html"))
|
||||
|
@ -33,12 +35,16 @@ func (h *PostHandler) Create() http.HandlerFunc {
|
|||
return
|
||||
}
|
||||
|
||||
tmpl.Execute(w, data{Thread: t})
|
||||
tmpl.Execute(w, data{
|
||||
CSRF: csrf.TemplateField(r),
|
||||
Thread: t,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func (h *PostHandler) Show() http.HandlerFunc {
|
||||
type data struct {
|
||||
CSRF template.HTML
|
||||
Thread goddit.Thread
|
||||
Post goddit.Post
|
||||
Comments []goddit.Comment
|
||||
|
@ -78,7 +84,12 @@ func (h *PostHandler) Show() http.HandlerFunc {
|
|||
return
|
||||
}
|
||||
|
||||
tmpl.Execute(w, data{Thread: t, Post: p, Comments: cc})
|
||||
tmpl.Execute(w, data{
|
||||
CSRF: csrf.TemplateField(r),
|
||||
Thread: t,
|
||||
Post: p,
|
||||
Comments: cc,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
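Review bot: The new `CSRF template.HTML` fields in the `data` structs of `Create` and `Show` carry no comment, and `template.HTML` is written to the page without escaping. A short comment would keep later edits from assigning anything else to the field: `// CSRF is the hidden input from csrf.TemplateField(r); template.HTML is emitted unescaped, so never put request-derived data here.` The same field is added to `ThreadHandler.Create` and `ThreadHandler.Show` in the next file. The templates that consume the field are not shown on this page, so check that every POST form renders `{{ .CSRF }}`; a form without it will be rejected by the middleware.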
|
|
|
@ -7,6 +7,7 @@ import (
|
|||
"git.snrd.de/Spaenny/goddit"
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/google/uuid"
|
||||
"github.com/gorilla/csrf"
|
||||
)
|
||||
|
||||
type ThreadHandler struct {
|
||||
|
@ -31,14 +32,20 @@ func (h *ThreadHandler) List() http.HandlerFunc {
|
|||
}
|
||||
|
||||
func (h *ThreadHandler) Create() http.HandlerFunc {
|
||||
type data struct {
|
||||
CSRF template.HTML
|
||||
}
|
||||
tmpl := template.Must(template.ParseFiles("templates/layout.html", "templates/thread_create.html"))
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
tmpl.Execute(w, nil)
|
||||
tmpl.Execute(w, data{
|
||||
CSRF: csrf.TemplateField(r),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func (h *ThreadHandler) Show() http.HandlerFunc {
|
||||
type data struct {
|
||||
CSRF template.HTML
|
||||
Thread goddit.Thread
|
||||
Posts []goddit.Post
|
||||
}
|
||||
|
@ -61,7 +68,11 @@ func (h *ThreadHandler) Show() http.HandlerFunc {
|
|||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
tmpl.Execute(w, data{Thread: t, Posts: pp})
|
||||
tmpl.Execute(w, data{
|
||||
CSRF: csrf.TemplateField(r),
|
||||
Thread: t,
|
||||
Posts: pp,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
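Review bot: The rewritten `tmpl.Execute(w, data{...})` calls in `Create` and `Show` still drop the returned error, so a template failure produces a truncated page with nothing in the logs. Now that the token is part of the render, a page cut off before the hidden field yields a form that fails CSRF validation on submit, which is hard to diagnose without a log line. Suggest `if err := tmpl.Execute(w, data{CSRF: csrf.TemplateField(r)}); err != nil { log.Printf("render thread_create: %v", err) }`, and the same for the two calls in the post handler. This needs `log` imported, and the import block is only partly visible here. The body of `Show` is split across two hunks, with the lines between them not shown.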
|
|