max/GoWeb
1
1
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases 7 Wiki Activity

Use ungrouped CSRF middleware on register and login POST routes

Browse Source
This commit is contained in:
Maximilian 2023-07-21 11:59:55 -05:00
parent 05397c2b61
commit bada24884a
2 changed files with 5 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
controllers/postController.go
View File

@ -3,7 +3,6 @@ package controllers
import ( import (
"GoWeb/app" "GoWeb/app"
"GoWeb/models" "GoWeb/models"
"GoWeb/security"
"log" "log"
"net/http" "net/http"
"time" "time"
@ -15,13 +14,6 @@ type PostController struct {
} }
func (postController *PostController) Login(w http.ResponseWriter, r *http.Request) { func (postController *PostController) Login(w http.ResponseWriter, r *http.Request) {
// Validate csrf token
_, err := security.VerifyCsrfToken(r)
if err != nil {
log.Println("Error verifying csrf token")
return
}
username := r.FormValue("username") username := r.FormValue("username")
password := r.FormValue("password") password := r.FormValue("password")
remember := r.FormValue("remember") == "on" remember := r.FormValue("remember") == "on"
@ -31,7 +23,7 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
http.Redirect(w, r, "/login", http.StatusFound) http.Redirect(w, r, "/login", http.StatusFound)
} }
_, err = models.AuthenticateUser(postController.App, w, username, password, remember) _, err := models.AuthenticateUser(postController.App, w, username, password, remember)
if err != nil { if err != nil {
log.Println("Error authenticating user") log.Println("Error authenticating user")
log.Println(err) log.Println(err)
@ -43,13 +35,6 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
} }
func (postController *PostController) Register(w http.ResponseWriter, r *http.Request) { func (postController *PostController) Register(w http.ResponseWriter, r *http.Request) {
// Validate csrf token
_, err := security.VerifyCsrfToken(r)
if err != nil {
log.Println("Error verifying csrf token")
return
}
username := r.FormValue("username") username := r.FormValue("username")
password := r.FormValue("password") password := r.FormValue("password")
createdAt := time.Now() createdAt := time.Now()
@ -60,7 +45,7 @@ func (postController *PostController) Register(w http.ResponseWriter, r *http.Re
http.Redirect(w, r, "/register", http.StatusFound) http.Redirect(w, r, "/register", http.StatusFound)
} }
_, err = models.CreateUser(postController.App, username, password, createdAt, updatedAt) _, err := models.CreateUser(postController.App, username, password, createdAt, updatedAt)
if err != nil { if err != nil {
log.Println("Error creating user") log.Println("Error creating user")
log.Println(err) log.Println(err)

5
routes/postRoutes.go
View File

@ -3,6 +3,7 @@ package routes
import ( import (
"GoWeb/app" "GoWeb/app"
"GoWeb/controllers" "GoWeb/controllers"
"GoWeb/middleware"
"net/http" "net/http"
) )
@ -14,6 +15,6 @@ func PostRoutes(app *app.App) {
} }
// User authentication // User authentication
http.HandleFunc("/register-handle", postController.Register) http.HandleFunc("/register-handle", middleware.CsrfMiddleware(postController.Register))
http.HandleFunc("/login-handle", postController.Login) http.HandleFunc("/login-handle", middleware.CsrfMiddleware(postController.Login))
} }