max/GoWeb
1
1
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases 7 Wiki Activity

Only show logout (now CSRF protected) if user is authenticated, include relevant authentication logic in GET controllers (this should be moved to middleware)

Browse Source
This commit is contained in:
max
2024-02-14 13:20:35 -06:00
parent a6be73765a
commit 6d6aff50b3
2 changed files with 56 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
controllers/get.go
View File

@@ -2,6 +2,7 @@ package controllers
import ( import (
"GoWeb/app" "GoWeb/app"
"GoWeb/models"
"GoWeb/security" "GoWeb/security"
"GoWeb/templating" "GoWeb/templating"
"net/http" "net/http"
@@ -12,22 +13,11 @@ type Get struct {
App *app.App App *app.App
} }
func (g *Get) ShowHome(w http.ResponseWriter, _ *http.Request) { func (g *Get) ShowHome(w http.ResponseWriter, r *http.Request) {
type dataStruct struct { type dataStruct struct {
CsrfToken string CsrfToken string
Test string IsAuthenticated bool
} Test string
data := dataStruct{
Test: "Hello World!",
}
templating.RenderTemplate(w, "templates/pages/home.html", data)
}
func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
type dataStruct struct {
CsrfToken string
} }
CsrfToken, err := security.GenerateCsrfToken(w, r) CsrfToken, err := security.GenerateCsrfToken(w, r)
@@ -35,8 +25,41 @@ func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
return return
} }
isAuthenticated := true
user, err := models.CurrentUser(g.App, r)
if err != nil || user.Id == 0 {
isAuthenticated = false
}
data := dataStruct{ data := dataStruct{
CsrfToken: CsrfToken, CsrfToken: CsrfToken,
Test: "Hello World!",
IsAuthenticated: isAuthenticated,
}
templating.RenderTemplate(w, "templates/pages/home.html", data)
}
func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
type dataStruct struct {
CsrfToken string
IsAuthenticated bool
}
CsrfToken, err := security.GenerateCsrfToken(w, r)
if err != nil {
return
}
isAuthenticated := true
user, err := models.CurrentUser(g.App, r)
if err != nil || user.Id == 0 {
isAuthenticated = false
}
data := dataStruct{
CsrfToken: CsrfToken,
IsAuthenticated: isAuthenticated,
} }
templating.RenderTemplate(w, "templates/pages/register.html", data) templating.RenderTemplate(w, "templates/pages/register.html", data)
@@ -44,7 +67,8 @@ func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
func (g *Get) ShowLogin(w http.ResponseWriter, r *http.Request) { func (g *Get) ShowLogin(w http.ResponseWriter, r *http.Request) {
type dataStruct struct { type dataStruct struct {
CsrfToken string CsrfToken string
IsAuthenticated bool
} }
CsrfToken, err := security.GenerateCsrfToken(w, r) CsrfToken, err := security.GenerateCsrfToken(w, r)

15
templates/base.html
View File

@@ -6,6 +6,21 @@
<link href="/static/css/style.css" rel="stylesheet"> <link href="/static/css/style.css" rel="stylesheet">
</head> </head>
<body> <body>
<div class="navbar">
{{ if .IsAuthenticated }}
<form action="/logout" method="post">
<input name="csrf_token" type="hidden" value="{{ .CsrfToken }}">
<input type="submit" value="Logout">
</form>
{{ else }}
<form action="/login" method="get">
<input type="submit" value="Login">
</form>
<form action="/register" method="get">
<input type="submit" value="Register">
</form>
{{ end }}
</div>
{{ template "content" . }} {{ template "content" . }}
<div class="footer-container"> <div class="footer-container">
<footer> <footer>