diff --git a/controllers/getController.go b/controllers/getController.go
index b09427a..c74b073 100644
--- a/controllers/getController.go
+++ b/controllers/getController.go
@@ -3,6 +3,7 @@ package controllers
 import (
 "GoWeb/app"
 "GoWeb/database/models"
+ "GoWeb/security"
 "GoWeb/templating"
 "net/http"
 )
@@ -25,11 +26,39 @@ func (getController *GetController) ShowHome(w http.ResponseWriter, r *http.Requ
 }
 
 func (getController *GetController) ShowRegister(w http.ResponseWriter, r *http.Request) {
- templating.RenderTemplate(getController.App, w, "templates/pages/register.html", nil)
+ type dataStruct struct {
+ csrf_token string
+ }
+
+ // Create csrf token
+ csrf_token, err := security.GenerateCsrfToken(w, r)
+ if err != nil {
+ return
+ }
+
+ data := dataStruct{
+ csrf_token: csrf_token,
+ }
+
+ templating.RenderTemplate(getController.App, w, "templates/pages/register.html", data)
 }
 
 func (getController *GetController) ShowLogin(w http.ResponseWriter, r *http.Request) {
- templating.RenderTemplate(getController.App, w, "templates/pages/login.html", nil)
+ type dataStruct struct {
+ csrf_token string
+ }
+
+ // Create csrf token
+ csrf_token, err := security.GenerateCsrfToken(w, r)
+ if err != nil {
+ return
+ }
+
+ data := dataStruct{
+ csrf_token: csrf_token,
+ }
+
+ templating.RenderTemplate(getController.App, w, "templates/pages/login.html", data)
 }
 
 func (getController *GetController) Logout(w http.ResponseWriter, r *http.Request) {
diff --git a/controllers/postController.go b/controllers/postController.go
index 0f775f3..cae876e 100644
--- a/controllers/postController.go
+++ b/controllers/postController.go
@@ -3,6 +3,7 @@ package controllers
 import (
 "GoWeb/app"
 "GoWeb/database/models"
+ "GoWeb/security"
 "log"
 "net/http"
 "time"
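Review bot: The `dataStruct` handed to RenderTemplate in both ShowRegister and ShowLogin has an unexported field `csrf_token`; if RenderTemplate executes the page through html/template or text/template, the engine refuses to read unexported struct fields, so a `{{ .csrf_token }}` placeholder fails at execution time and the token never reaches the form. Exporting the field with idiomatic casing, `CsrfToken string` and `CsrfToken: token,`, and updating the template reference fixes this. Separately, when GenerateCsrfToken fails the handler hits a bare `return` without writing anything, so the client receives an empty 200 response that looks like success; writing `http.Error(w, "internal server error", http.StatusInternalServerError)` before the `return` makes a broken token-issuance path visible to the caller and to monitoring. The two handlers now differ only in the template path, so a small private helper that issues the token and renders a given page would remove the duplication.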
@@ -14,6 +15,13 @@ type PostController struct {
 }
 
 func (postController *PostController) Login(w http.ResponseWriter, r *http.Request) {
+ // Validate csrf token
+ _, err := security.VerifyCsrfToken(r)
+ if err != nil {
+ log.Println("Error verifying csrf token")
+ return
+ }
+
 username := r.FormValue("username")
 password := r.FormValue("password")
 
@@ -22,7 +30,7 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
 http.Redirect(w, r, "/login", http.StatusFound)
 }
 
- _, err := models.AuthenticateUser(postController.App, w, username, password)
+ _, err = models.AuthenticateUser(postController.App, w, username, password)
 if err != nil {
 log.Println("Error authenticating user")
 log.Println(err)
@@ -34,6 +42,13 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
 }
 
 func (postController *PostController) Register(w http.ResponseWriter, r *http.Request) {
+ // Validate csrf token
+ _, err := security.VerifyCsrfToken(r)
+ if err != nil {
+ log.Println("Error verifying csrf token")
+ return
+ }
+
 username := r.FormValue("username")
 password := r.FormValue("password")
 createdAt := time.Now()
@@ -44,7 +59,7 @@ func (postController *PostController) Register(w http.ResponseWriter, r *http.Re
 http.Redirect(w, r, "/register", http.StatusFound)
 }
 
- _, err := models.CreateUser(postController.App, username, password, createdAt, updatedAt)
+ _, err = models.CreateUser(postController.App, username, password, createdAt, updatedAt)
 if err != nil {
 log.Println("Error creating user")
 log.Println(err)
diff --git a/templates/pages/login.html b/templates/pages/login.html
index ea3826c..6e30b33 100644
--- a/templates/pages/login.html
+++ b/templates/pages/login.html
@@ -2,6 +2,8 @@ {{ define "content" }}
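Review bot: When VerifyCsrfToken fails, Login logs a message and returns without writing a response, so the client gets an empty 200 OK and a rejected cross-site request is indistinguishable from a successful one; Register in the @@ -34 hunk has the same gap. A failed CSRF check should produce an explicit status, e.g. `http.Error(w, "invalid CSRF token", http.StatusForbidden)` directly before the `return`. The log line also drops the error value that VerifyCsrfToken returned, which is the one piece of information that tells a missing token apart from a mismatched one during an investigation; `log.Println("Error verifying csrf token:", err)` preserves it. The handler body continues outside the hunk.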
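Review bot: The context line `http.Redirect(w, r, "/login", http.StatusFound)` is followed immediately by the closing `}` of its `if` and then by the AuthenticateUser call that this hunk changes to `_, err = ...`, so on the validation-failure path the handler issues the redirect and still goes on to authenticate with the rejected input and write to w again; the same shape appears in the @@ -44 hunk of Register around CreateUser. Adding `return` right after each `http.Redirect` call stops the fall-through. The `if` whose body holds the redirect starts outside the hunk, so I cannot see its condition, but nothing between the redirect and the model call prevents the second write.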