Compare commits
7 Commits
b475da66da
...
052fa689c7
Author | SHA1 | Date | |
---|---|---|---|
|
052fa689c7 | ||
|
f1fad7e4e3 | ||
|
606f5df45a | ||
|
eb36156c52 | ||
|
bada24884a | ||
|
05397c2b61 | ||
|
3d80b95f55 |
@ -3,7 +3,6 @@ package controllers
|
||||
import (
|
||||
"GoWeb/app"
|
||||
"GoWeb/models"
|
||||
"GoWeb/security"
|
||||
"log"
|
||||
"net/http"
|
||||
"time"
|
||||
@ -15,13 +14,6 @@ type PostController struct {
|
||||
}
|
||||
|
||||
func (postController *PostController) Login(w http.ResponseWriter, r *http.Request) {
|
||||
// Validate csrf token
|
||||
_, err := security.VerifyCsrfToken(r)
|
||||
if err != nil {
|
||||
log.Println("Error verifying csrf token")
|
||||
return
|
||||
}
|
||||
|
||||
username := r.FormValue("username")
|
||||
password := r.FormValue("password")
|
||||
remember := r.FormValue("remember") == "on"
|
||||
@ -31,7 +23,7 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
|
||||
http.Redirect(w, r, "/login", http.StatusFound)
|
||||
}
|
||||
|
||||
_, err = models.AuthenticateUser(postController.App, w, username, password, remember)
|
||||
_, err := models.AuthenticateUser(postController.App, w, username, password, remember)
|
||||
if err != nil {
|
||||
log.Println("Error authenticating user")
|
||||
log.Println(err)
|
||||
@ -43,13 +35,6 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
|
||||
}
|
||||
|
||||
func (postController *PostController) Register(w http.ResponseWriter, r *http.Request) {
|
||||
// Validate csrf token
|
||||
_, err := security.VerifyCsrfToken(r)
|
||||
if err != nil {
|
||||
log.Println("Error verifying csrf token")
|
||||
return
|
||||
}
|
||||
|
||||
username := r.FormValue("username")
|
||||
password := r.FormValue("password")
|
||||
createdAt := time.Now()
|
||||
@ -60,7 +45,7 @@ func (postController *PostController) Register(w http.ResponseWriter, r *http.Re
|
||||
http.Redirect(w, r, "/register", http.StatusFound)
|
||||
}
|
||||
|
||||
_, err = models.CreateUser(postController.App, username, password, createdAt, updatedAt)
|
||||
_, err := models.CreateUser(postController.App, username, password, createdAt, updatedAt)
|
||||
if err != nil {
|
||||
log.Println("Error creating user")
|
||||
log.Println(err)
|
||||
|
22
middleware/csrf.go
Normal file
22
middleware/csrf.go
Normal file
@ -0,0 +1,22 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"GoWeb/security"
|
||||
"log"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
// Csrf validates the CSRF token and returns the handler function if it succeded
|
||||
func Csrf(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// Verify csrf token
|
||||
_, err := security.VerifyCsrfToken(r)
|
||||
if err != nil {
|
||||
log.Println("Error verifying csrf token")
|
||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
f(w, r)
|
||||
}
|
||||
}
|
5
middleware/groups.go
Normal file
5
middleware/groups.go
Normal file
@ -0,0 +1,5 @@
|
||||
package middleware
|
||||
|
||||
import "net/http"
|
||||
|
||||
type MiddlewareFunc func(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request)
|
14
middleware/wrapper.go
Normal file
14
middleware/wrapper.go
Normal file
@ -0,0 +1,14 @@
|
||||
package middleware
|
||||
|
||||
import "net/http"
|
||||
|
||||
// ProcessGroup is a wrapper function for the http.HandleFunc function
|
||||
// that takes the function you want to execute (f) and the middleware you want
|
||||
// to execute (m) this should be used when processing multiple groups of middleware at a time
|
||||
func ProcessGroup(f func(w http.ResponseWriter, r *http.Request), m []MiddlewareFunc) func(w http.ResponseWriter, r *http.Request) {
|
||||
for _, middleware := range m {
|
||||
_ = middleware(f)
|
||||
}
|
||||
|
||||
return f
|
||||
}
|
@ -3,6 +3,7 @@ package routes
|
||||
import (
|
||||
"GoWeb/app"
|
||||
"GoWeb/controllers"
|
||||
"GoWeb/middleware"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
@ -14,6 +15,6 @@ func PostRoutes(app *app.App) {
|
||||
}
|
||||
|
||||
// User authentication
|
||||
http.HandleFunc("/register-handle", postController.Register)
|
||||
http.HandleFunc("/login-handle", postController.Login)
|
||||
http.HandleFunc("/register-handle", middleware.Csrf(postController.Register))
|
||||
http.HandleFunc("/login-handle", middleware.Csrf(postController.Login))
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user