Only show logout (now CSRF protected) if user is authenticated, include relevant authentication logic in GET controllers (this should be moved to middleware)

This commit is contained in:
max 2024-02-14 13:20:35 -06:00
parent a6be73765a
commit 6d6aff50b3
2 changed files with 56 additions and 17 deletions

View File

@ -2,6 +2,7 @@ package controllers
import ( import (
"GoWeb/app" "GoWeb/app"
"GoWeb/models"
"GoWeb/security" "GoWeb/security"
"GoWeb/templating" "GoWeb/templating"
"net/http" "net/http"
@ -12,22 +13,11 @@ type Get struct {
App *app.App App *app.App
} }
func (g *Get) ShowHome(w http.ResponseWriter, _ *http.Request) { func (g *Get) ShowHome(w http.ResponseWriter, r *http.Request) {
type dataStruct struct { type dataStruct struct {
CsrfToken string CsrfToken string
Test string IsAuthenticated bool
} Test string
data := dataStruct{
Test: "Hello World!",
}
templating.RenderTemplate(w, "templates/pages/home.html", data)
}
func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
type dataStruct struct {
CsrfToken string
} }
CsrfToken, err := security.GenerateCsrfToken(w, r) CsrfToken, err := security.GenerateCsrfToken(w, r)
@ -35,8 +25,41 @@ func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
return return
} }
isAuthenticated := true
user, err := models.CurrentUser(g.App, r)
if err != nil || user.Id == 0 {
isAuthenticated = false
}
data := dataStruct{ data := dataStruct{
CsrfToken: CsrfToken, CsrfToken: CsrfToken,
Test: "Hello World!",
IsAuthenticated: isAuthenticated,
}
templating.RenderTemplate(w, "templates/pages/home.html", data)
}
func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
type dataStruct struct {
CsrfToken string
IsAuthenticated bool
}
CsrfToken, err := security.GenerateCsrfToken(w, r)
if err != nil {
return
}
isAuthenticated := true
user, err := models.CurrentUser(g.App, r)
if err != nil || user.Id == 0 {
isAuthenticated = false
}
data := dataStruct{
CsrfToken: CsrfToken,
IsAuthenticated: isAuthenticated,
} }
templating.RenderTemplate(w, "templates/pages/register.html", data) templating.RenderTemplate(w, "templates/pages/register.html", data)
@ -44,7 +67,8 @@ func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
func (g *Get) ShowLogin(w http.ResponseWriter, r *http.Request) { func (g *Get) ShowLogin(w http.ResponseWriter, r *http.Request) {
type dataStruct struct { type dataStruct struct {
CsrfToken string CsrfToken string
IsAuthenticated bool
} }
CsrfToken, err := security.GenerateCsrfToken(w, r) CsrfToken, err := security.GenerateCsrfToken(w, r)

View File

@ -6,6 +6,21 @@
<link href="/static/css/style.css" rel="stylesheet"> <link href="/static/css/style.css" rel="stylesheet">
</head> </head>
<body> <body>
<div class="navbar">
{{ if .IsAuthenticated }}
<form action="/logout" method="post">
<input name="csrf_token" type="hidden" value="{{ .CsrfToken }}">
<input type="submit" value="Logout">
</form>
{{ else }}
<form action="/login" method="get">
<input type="submit" value="Login">
</form>
<form action="/register" method="get">
<input type="submit" value="Register">
</form>
{{ end }}
</div>
{{ template "content" . }} {{ template "content" . }}
<div class="footer-container"> <div class="footer-container">
<footer> <footer>