Only show logout (now CSRF protected) if user is authenticated, include relevant authentication logic in GET controllers (this should be moved to middleware)

max 2024-02-14 13:20:35 -06:00
parent a6be73765a
commit 6d6aff50b3
2 changed files with 56 additions and 17 deletions


@ -2,6 +2,7 @@ package controllers
import ( import (
"GoWeb/app" "GoWeb/app"
"GoWeb/models"
"GoWeb/security" "GoWeb/security"
"GoWeb/templating" "GoWeb/templating"
"net/http" "net/http"
@ -12,14 +13,28 @@ type Get struct {
App *app.App App *app.App
} }
func (g *Get) ShowHome(w http.ResponseWriter, _ *http.Request) { func (g *Get) ShowHome(w http.ResponseWriter, r *http.Request) {
type dataStruct struct { type dataStruct struct {
CsrfToken string CsrfToken string
IsAuthenticated bool
Test string Test string
} }
CsrfToken, err := security.GenerateCsrfToken(w, r)
if err != nil {
return
}
isAuthenticated := true
user, err := models.CurrentUser(g.App, r)
if err != nil || user.Id == 0 {
isAuthenticated = false
}
data := dataStruct{ data := dataStruct{
CsrfToken: CsrfToken,
Test: "Hello World!", Test: "Hello World!",
IsAuthenticated: isAuthenticated,
} }
templating.RenderTemplate(w, "templates/pages/home.html", data) templating.RenderTemplate(w, "templates/pages/home.html", data)
@ -28,6 +43,7 @@ func (g *Get) ShowHome(w http.ResponseWriter, _ *http.Request) {
func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) { func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
type dataStruct struct { type dataStruct struct {
CsrfToken string CsrfToken string
IsAuthenticated bool
} }
CsrfToken, err := security.GenerateCsrfToken(w, r) CsrfToken, err := security.GenerateCsrfToken(w, r)
@ -35,8 +51,15 @@ func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
return return
} }
isAuthenticated := true
user, err := models.CurrentUser(g.App, r)
if err != nil || user.Id == 0 {
isAuthenticated = false
}
data := dataStruct{ data := dataStruct{
CsrfToken: CsrfToken, CsrfToken: CsrfToken,
IsAuthenticated: isAuthenticated,
} }
templating.RenderTemplate(w, "templates/pages/register.html", data) templating.RenderTemplate(w, "templates/pages/register.html", data)
@ -45,6 +68,7 @@ func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
func (g *Get) ShowLogin(w http.ResponseWriter, r *http.Request) { func (g *Get) ShowLogin(w http.ResponseWriter, r *http.Request) {
type dataStruct struct { type dataStruct struct {
CsrfToken string CsrfToken string
IsAuthenticated bool
} }
CsrfToken, err := security.GenerateCsrfToken(w, r) CsrfToken, err := security.GenerateCsrfToken(w, r)
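Review bot: In the block added to ShowHome, `if err != nil { return }` after security.GenerateCsrfToken ends the request without writing a status or logging anything, so a token-generation failure reaches the client as an empty 200 response unless GenerateCsrfToken writes the error itself (not visible here). I would make it `http.Error(w, "Internal Server Error", http.StatusInternalServerError)` followed by `return`; ShowRegister already has the same silent return. The new `err != nil || user.Id == 0` check in ShowHome and ShowRegister also folds a failed models.CurrentUser lookup into "not authenticated", which is a safe default for display but hides session-store errors, so logging `err` there would help. ShowLogin gains the IsAuthenticated field, but its body continues outside the visible hunk, so whether the field is ever set cannot be confirmed here.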


@ -6,6 +6,21 @@
<link href="/static/css/style.css" rel="stylesheet"> <link href="/static/css/style.css" rel="stylesheet">
</head> </head>
<body> <body>
<div class="navbar">
{{ if .IsAuthenticated }}
<form action="/logout" method="post">
<input name="csrf_token" type="hidden" value="{{ .CsrfToken }}">
<input type="submit" value="Logout">
</form>
{{ else }}
<form action="/login" method="get">
<input type="submit" value="Login">
</form>
<form action="/register" method="get">
<input type="submit" value="Register">
</form>
{{ end }}
</div>
{{ template "content" . }} {{ template "content" . }}
<div class="footer-container"> <div class="footer-container">
<footer> <footer>
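Review bot: The shared layout now evaluates `.IsAuthenticated` and `.CsrfToken` on every page that includes it, and html/template aborts with a "can't evaluate field" error when the data is a struct without those fields. Only the three GET handlers are visibly updated in this commit, so any other handler that renders through this layout would fail partway through the response. A shared struct such as `type BaseData struct { CsrfToken string; IsAuthenticated bool }`, embedded in each page's data, would keep the layout's contract in one place. The `{{ if .IsAuthenticated }}` branch only controls what is displayed, so the `/logout` handler (not shown here) still has to verify `csrf_token` and the session server-side.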