Compare commits
3 Commits
6da7d408f9
...
bada24884a
Author | SHA1 | Date | |
---|---|---|---|
|
bada24884a | ||
|
05397c2b61 | ||
|
3d80b95f55 |
@ -3,7 +3,6 @@ package controllers
|
||||
import (
|
||||
"GoWeb/app"
|
||||
"GoWeb/models"
|
||||
"GoWeb/security"
|
||||
"log"
|
||||
"net/http"
|
||||
"time"
|
||||
@ -15,13 +14,6 @@ type PostController struct {
|
||||
}
|
||||
|
||||
func (postController *PostController) Login(w http.ResponseWriter, r *http.Request) {
|
||||
// Validate csrf token
|
||||
_, err := security.VerifyCsrfToken(r)
|
||||
if err != nil {
|
||||
log.Println("Error verifying csrf token")
|
||||
return
|
||||
}
|
||||
|
||||
username := r.FormValue("username")
|
||||
password := r.FormValue("password")
|
||||
remember := r.FormValue("remember") == "on"
|
||||
@ -31,7 +23,7 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
|
||||
http.Redirect(w, r, "/login", http.StatusFound)
|
||||
}
|
||||
|
||||
_, err = models.AuthenticateUser(postController.App, w, username, password, remember)
|
||||
_, err := models.AuthenticateUser(postController.App, w, username, password, remember)
|
||||
if err != nil {
|
||||
log.Println("Error authenticating user")
|
||||
log.Println(err)
|
||||
@ -43,13 +35,6 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
|
||||
}
|
||||
|
||||
func (postController *PostController) Register(w http.ResponseWriter, r *http.Request) {
|
||||
// Validate csrf token
|
||||
_, err := security.VerifyCsrfToken(r)
|
||||
if err != nil {
|
||||
log.Println("Error verifying csrf token")
|
||||
return
|
||||
}
|
||||
|
||||
username := r.FormValue("username")
|
||||
password := r.FormValue("password")
|
||||
createdAt := time.Now()
|
||||
@ -60,7 +45,7 @@ func (postController *PostController) Register(w http.ResponseWriter, r *http.Re
|
||||
http.Redirect(w, r, "/register", http.StatusFound)
|
||||
}
|
||||
|
||||
_, err = models.CreateUser(postController.App, username, password, createdAt, updatedAt)
|
||||
_, err := models.CreateUser(postController.App, username, password, createdAt, updatedAt)
|
||||
if err != nil {
|
||||
log.Println("Error creating user")
|
||||
log.Println(err)
|
||||
|
22
middleware/csrf.go
Normal file
22
middleware/csrf.go
Normal file
@ -0,0 +1,22 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"GoWeb/security"
|
||||
"log"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
// CsrfMiddleware validates the CSRF token and returns the handler function if it succeded
|
||||
func CsrfMiddleware(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// Verify csrf token
|
||||
_, err := security.VerifyCsrfToken(r)
|
||||
if err != nil {
|
||||
log.Println("Error verifying csrf token")
|
||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
f(w, r)
|
||||
}
|
||||
}
|
14
middleware/wrapper.go
Normal file
14
middleware/wrapper.go
Normal file
@ -0,0 +1,14 @@
|
||||
package middleware
|
||||
|
||||
import "net/http"
|
||||
|
||||
// ProcessMiddleware is a wrapper function for the http.HandleFunc function
|
||||
// that takes the function you want to execute (f) and the middleware you want
|
||||
// to execute (m) this should be used when processing multiple groups of middleware at a time
|
||||
func ProcessMiddleware(f func(w http.ResponseWriter, r *http.Request), m []func()) func(w http.ResponseWriter, r *http.Request) {
|
||||
for _, middleware := range m {
|
||||
middleware()
|
||||
}
|
||||
|
||||
return f
|
||||
}
|
@ -3,6 +3,7 @@ package routes
|
||||
import (
|
||||
"GoWeb/app"
|
||||
"GoWeb/controllers"
|
||||
"GoWeb/middleware"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
@ -14,6 +15,6 @@ func PostRoutes(app *app.App) {
|
||||
}
|
||||
|
||||
// User authentication
|
||||
http.HandleFunc("/register-handle", postController.Register)
|
||||
http.HandleFunc("/login-handle", postController.Login)
|
||||
http.HandleFunc("/register-handle", middleware.CsrfMiddleware(postController.Register))
|
||||
http.HandleFunc("/login-handle", middleware.CsrfMiddleware(postController.Login))
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user