Use csrf tokens and validation with login and register forms
This commit is contained in:
parent
2f631cf3ee
commit
1eb278c4b9
@ -3,6 +3,7 @@ package controllers
|
|||||||
import (
|
import (
|
||||||
"GoWeb/app"
|
"GoWeb/app"
|
||||||
"GoWeb/database/models"
|
"GoWeb/database/models"
|
||||||
|
"GoWeb/security"
|
||||||
"GoWeb/templating"
|
"GoWeb/templating"
|
||||||
"net/http"
|
"net/http"
|
||||||
)
|
)
|
||||||
@ -25,11 +26,39 @@ func (getController *GetController) ShowHome(w http.ResponseWriter, r *http.Requ
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (getController *GetController) ShowRegister(w http.ResponseWriter, r *http.Request) {
|
func (getController *GetController) ShowRegister(w http.ResponseWriter, r *http.Request) {
|
||||||
templating.RenderTemplate(getController.App, w, "templates/pages/register.html", nil)
|
type dataStruct struct {
|
||||||
|
csrf_token string
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create csrf token
|
||||||
|
csrf_token, err := security.GenerateCsrfToken(w, r)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
data := dataStruct{
|
||||||
|
csrf_token: csrf_token,
|
||||||
|
}
|
||||||
|
|
||||||
|
templating.RenderTemplate(getController.App, w, "templates/pages/register.html", data)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (getController *GetController) ShowLogin(w http.ResponseWriter, r *http.Request) {
|
func (getController *GetController) ShowLogin(w http.ResponseWriter, r *http.Request) {
|
||||||
templating.RenderTemplate(getController.App, w, "templates/pages/login.html", nil)
|
type dataStruct struct {
|
||||||
|
csrf_token string
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create csrf token
|
||||||
|
csrf_token, err := security.GenerateCsrfToken(w, r)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
data := dataStruct{
|
||||||
|
csrf_token: csrf_token,
|
||||||
|
}
|
||||||
|
|
||||||
|
templating.RenderTemplate(getController.App, w, "templates/pages/login.html", data)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (getController *GetController) Logout(w http.ResponseWriter, r *http.Request) {
|
func (getController *GetController) Logout(w http.ResponseWriter, r *http.Request) {
|
||||||
|
@ -3,6 +3,7 @@ package controllers
|
|||||||
import (
|
import (
|
||||||
"GoWeb/app"
|
"GoWeb/app"
|
||||||
"GoWeb/database/models"
|
"GoWeb/database/models"
|
||||||
|
"GoWeb/security"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
"time"
|
||||||
@ -14,6 +15,13 @@ type PostController struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (postController *PostController) Login(w http.ResponseWriter, r *http.Request) {
|
func (postController *PostController) Login(w http.ResponseWriter, r *http.Request) {
|
||||||
|
// Validate csrf token
|
||||||
|
_, err := security.VerifyCsrfToken(r)
|
||||||
|
if err != nil {
|
||||||
|
log.Println("Error verifying csrf token")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
username := r.FormValue("username")
|
username := r.FormValue("username")
|
||||||
password := r.FormValue("password")
|
password := r.FormValue("password")
|
||||||
|
|
||||||
@ -22,7 +30,7 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
|
|||||||
http.Redirect(w, r, "/login", http.StatusFound)
|
http.Redirect(w, r, "/login", http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err := models.AuthenticateUser(postController.App, w, username, password)
|
_, err = models.AuthenticateUser(postController.App, w, username, password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Error authenticating user")
|
log.Println("Error authenticating user")
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
@ -34,6 +42,13 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (postController *PostController) Register(w http.ResponseWriter, r *http.Request) {
|
func (postController *PostController) Register(w http.ResponseWriter, r *http.Request) {
|
||||||
|
// Validate csrf token
|
||||||
|
_, err := security.VerifyCsrfToken(r)
|
||||||
|
if err != nil {
|
||||||
|
log.Println("Error verifying csrf token")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
username := r.FormValue("username")
|
username := r.FormValue("username")
|
||||||
password := r.FormValue("password")
|
password := r.FormValue("password")
|
||||||
createdAt := time.Now()
|
createdAt := time.Now()
|
||||||
@ -44,7 +59,7 @@ func (postController *PostController) Register(w http.ResponseWriter, r *http.Re
|
|||||||
http.Redirect(w, r, "/register", http.StatusFound)
|
http.Redirect(w, r, "/register", http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err := models.CreateUser(postController.App, username, password, createdAt, updatedAt)
|
_, err = models.CreateUser(postController.App, username, password, createdAt, updatedAt)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Error creating user")
|
log.Println("Error creating user")
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
|
@ -2,6 +2,8 @@
|
|||||||
|
|
||||||
{{ define "content" }}
|
{{ define "content" }}
|
||||||
<form action="/login-handle" method="post">
|
<form action="/login-handle" method="post">
|
||||||
|
<input type="hidden" name="csrf_token" value="{{ .csrfToken }}">
|
||||||
|
|
||||||
<label for="username">Username:</label><br>
|
<label for="username">Username:</label><br>
|
||||||
<input id="username" name="username" type="text" value="John"><br><br>
|
<input id="username" name="username" type="text" value="John"><br><br>
|
||||||
<label for="password">Password:</label><br>
|
<label for="password">Password:</label><br>
|
||||||
|
@ -2,6 +2,8 @@
|
|||||||
|
|
||||||
{{ define "content" }}
|
{{ define "content" }}
|
||||||
<form action="/register-handle" method="post">
|
<form action="/register-handle" method="post">
|
||||||
|
<input type="hidden" name="csrf_token" value="{{ .csrfToken }}">
|
||||||
|
|
||||||
<label for="username">Username:</label><br>
|
<label for="username">Username:</label><br>
|
||||||
<input id="username" name="username" type="text" value="John"><br><br>
|
<input id="username" name="username" type="text" value="John"><br><br>
|
||||||
<label for="password">Password:</label><br>
|
<label for="password">Password:</label><br>
|
||||||
|
Loading…
Reference in New Issue
Block a user