max/GoWeb
1
1
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases 7 Wiki Activity

Use csrf tokens and validation with login and register forms

Browse Source
This commit is contained in:
max 2022-11-14 12:29:55 -06:00
parent 2f631cf3ee
commit 1eb278c4b9
4 changed files with 52 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
controllers/getController.go
View File

@ -3,6 +3,7 @@ package controllers
import ( import (
"GoWeb/app" "GoWeb/app"
"GoWeb/database/models" "GoWeb/database/models"
"GoWeb/security"
"GoWeb/templating" "GoWeb/templating"
"net/http" "net/http"
) )
@ -25,11 +26,39 @@ func (getController *GetController) ShowHome(w http.ResponseWriter, r *http.Requ
} }
func (getController *GetController) ShowRegister(w http.ResponseWriter, r *http.Request) { func (getController *GetController) ShowRegister(w http.ResponseWriter, r *http.Request) {
templating.RenderTemplate(getController.App, w, "templates/pages/register.html", nil) type dataStruct struct {
csrf_token string
}
// Create csrf token
csrf_token, err := security.GenerateCsrfToken(w, r)
if err != nil {
return
}
data := dataStruct{
csrf_token: csrf_token,
}
templating.RenderTemplate(getController.App, w, "templates/pages/register.html", data)
} }
func (getController *GetController) ShowLogin(w http.ResponseWriter, r *http.Request) { func (getController *GetController) ShowLogin(w http.ResponseWriter, r *http.Request) {
templating.RenderTemplate(getController.App, w, "templates/pages/login.html", nil) type dataStruct struct {
csrf_token string
}
// Create csrf token
csrf_token, err := security.GenerateCsrfToken(w, r)
if err != nil {
return
}
data := dataStruct{
csrf_token: csrf_token,
}
templating.RenderTemplate(getController.App, w, "templates/pages/login.html", data)
} }
func (getController *GetController) Logout(w http.ResponseWriter, r *http.Request) { func (getController *GetController) Logout(w http.ResponseWriter, r *http.Request) {

19
controllers/postController.go
View File

@ -3,6 +3,7 @@ package controllers
import ( import (
"GoWeb/app" "GoWeb/app"
"GoWeb/database/models" "GoWeb/database/models"
"GoWeb/security"
"log" "log"
"net/http" "net/http"
"time" "time"
@ -14,6 +15,13 @@ type PostController struct {
} }
func (postController *PostController) Login(w http.ResponseWriter, r *http.Request) { func (postController *PostController) Login(w http.ResponseWriter, r *http.Request) {
// Validate csrf token
_, err := security.VerifyCsrfToken(r)
if err != nil {
log.Println("Error verifying csrf token")
return
}
username := r.FormValue("username") username := r.FormValue("username")
password := r.FormValue("password") password := r.FormValue("password")
@ -22,7 +30,7 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
http.Redirect(w, r, "/login", http.StatusFound) http.Redirect(w, r, "/login", http.StatusFound)
} }
_, err := models.AuthenticateUser(postController.App, w, username, password) _, err = models.AuthenticateUser(postController.App, w, username, password)
if err != nil { if err != nil {
log.Println("Error authenticating user") log.Println("Error authenticating user")
log.Println(err) log.Println(err)
@ -34,6 +42,13 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
} }
func (postController *PostController) Register(w http.ResponseWriter, r *http.Request) { func (postController *PostController) Register(w http.ResponseWriter, r *http.Request) {
// Validate csrf token
_, err := security.VerifyCsrfToken(r)
if err != nil {
log.Println("Error verifying csrf token")
return
}
username := r.FormValue("username") username := r.FormValue("username")
password := r.FormValue("password") password := r.FormValue("password")
createdAt := time.Now() createdAt := time.Now()
@ -44,7 +59,7 @@ func (postController *PostController) Register(w http.ResponseWriter, r *http.Re
http.Redirect(w, r, "/register", http.StatusFound) http.Redirect(w, r, "/register", http.StatusFound)
} }
_, err := models.CreateUser(postController.App, username, password, createdAt, updatedAt) _, err = models.CreateUser(postController.App, username, password, createdAt, updatedAt)
if err != nil { if err != nil {
log.Println("Error creating user") log.Println("Error creating user")
log.Println(err) log.Println(err)

2
templates/pages/login.html
View File

@ -2,6 +2,8 @@
{{ define "content" }} {{ define "content" }}
<form action="/login-handle" method="post"> <form action="/login-handle" method="post">
<input type="hidden" name="csrf_token" value="{{ .csrfToken }}">
<label for="username">Username:</label><br> <label for="username">Username:</label><br>
<input id="username" name="username" type="text" value="John"><br><br> <input id="username" name="username" type="text" value="John"><br><br>
<label for="password">Password:</label><br> <label for="password">Password:</label><br>

2
templates/pages/register.html
View File

@ -2,6 +2,8 @@
{{ define "content" }} {{ define "content" }}
<form action="/register-handle" method="post"> <form action="/register-handle" method="post">
<input type="hidden" name="csrf_token" value="{{ .csrfToken }}">
<label for="username">Username:</label><br> <label for="username">Username:</label><br>
<input id="username" name="username" type="text" value="John"><br><br> <input id="username" name="username" type="text" value="John"><br><br>
<label for="password">Password:</label><br> <label for="password">Password:</label><br>