Only show logout (now CSRF protected) if user is authenticated, include relevant authentication logic in GET controllers (this should be moved to middleware)
This commit is contained in:
max
parent
a6be73765a
commit
6d6aff50b3
@ -2,6 +2,7 @@ package controllers
|
||||
|
||||
import (
|
||||
"GoWeb/app"
|
||||
"GoWeb/models"
|
||||
"GoWeb/security"
|
||||
"GoWeb/templating"
|
||||
"net/http"
|
||||
@ -12,22 +13,11 @@ type Get struct {
|
||||
App *app.App
|
||||
}
|
||||
|
||||
func (g *Get) ShowHome(w http.ResponseWriter, _ *http.Request) {
|
||||
func (g *Get) ShowHome(w http.ResponseWriter, r *http.Request) {
|
||||
type dataStruct struct {
|
||||
CsrfToken string
|
||||
Test string
|
||||
}
|
||||
|
||||
data := dataStruct{
|
||||
Test: "Hello World!",
|
||||
}
|
||||
|
||||
templating.RenderTemplate(w, "templates/pages/home.html", data)
|
||||
}
|
||||
|
||||
func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
|
||||
type dataStruct struct {
|
||||
CsrfToken string
|
||||
CsrfToken string
|
||||
IsAuthenticated bool
|
||||
Test string
|
||||
}
|
||||
|
||||
CsrfToken, err := security.GenerateCsrfToken(w, r)
|
||||
@ -35,8 +25,41 @@ func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
isAuthenticated := true
|
||||
user, err := models.CurrentUser(g.App, r)
|
||||
if err != nil || user.Id == 0 {
|
||||
isAuthenticated = false
|
||||
}
|
||||
|
||||
data := dataStruct{
|
||||
CsrfToken: CsrfToken,
|
||||
CsrfToken: CsrfToken,
|
||||
Test: "Hello World!",
|
||||
IsAuthenticated: isAuthenticated,
|
||||
}
|
||||
|
||||
templating.RenderTemplate(w, "templates/pages/home.html", data)
|
||||
}
|
||||
|
||||
func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
|
||||
type dataStruct struct {
|
||||
CsrfToken string
|
||||
IsAuthenticated bool
|
||||
}
|
||||
|
||||
CsrfToken, err := security.GenerateCsrfToken(w, r)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
isAuthenticated := true
|
||||
user, err := models.CurrentUser(g.App, r)
|
||||
if err != nil || user.Id == 0 {
|
||||
isAuthenticated = false
|
||||
}
|
||||
|
||||
data := dataStruct{
|
||||
CsrfToken: CsrfToken,
|
||||
IsAuthenticated: isAuthenticated,
|
||||
}
|
||||
|
||||
templating.RenderTemplate(w, "templates/pages/register.html", data)
|
||||
@ -44,7 +67,8 @@ func (g *Get) ShowRegister(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
func (g *Get) ShowLogin(w http.ResponseWriter, r *http.Request) {
|
||||
type dataStruct struct {
|
||||
CsrfToken string
|
||||
CsrfToken string
|
||||
IsAuthenticated bool
|
||||
}
|
||||
|
||||
CsrfToken, err := security.GenerateCsrfToken(w, r)
|
||||
|
||||
@ -6,6 +6,21 @@
|
||||
<link href="/static/css/style.css" rel="stylesheet">
|
||||
</head>
|
||||
<body>
|
||||
<div class="navbar">
|
||||
{{ if .IsAuthenticated }}
|
||||
<form action="/logout" method="post">
|
||||
<input name="csrf_token" type="hidden" value="{{ .CsrfToken }}">
|
||||
<input type="submit" value="Logout">
|
||||
</form>
|
||||
{{ else }}
|
||||
<form action="/login" method="get">
|
||||
<input type="submit" value="Login">
|
||||
</form>
|
||||
<form action="/register" method="get">
|
||||
<input type="submit" value="Register">
|
||||
</form>
|
||||
{{ end }}
|
||||
</div>
|
||||
{{ template "content" . }}
|
||||
<div class="footer-container">
|
||||
<footer>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user