Compare commits
7 Commits
b475da66da
...
052fa689c7
Author | SHA1 | Date | |
---|---|---|---|
|
052fa689c7 | ||
|
f1fad7e4e3 | ||
|
606f5df45a | ||
|
eb36156c52 | ||
|
bada24884a | ||
|
05397c2b61 | ||
|
3d80b95f55 |
@ -3,7 +3,6 @@ package controllers
|
|||||||
import (
|
import (
|
||||||
"GoWeb/app"
|
"GoWeb/app"
|
||||||
"GoWeb/models"
|
"GoWeb/models"
|
||||||
"GoWeb/security"
|
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
"time"
|
||||||
@ -15,13 +14,6 @@ type PostController struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (postController *PostController) Login(w http.ResponseWriter, r *http.Request) {
|
func (postController *PostController) Login(w http.ResponseWriter, r *http.Request) {
|
||||||
// Validate csrf token
|
|
||||||
_, err := security.VerifyCsrfToken(r)
|
|
||||||
if err != nil {
|
|
||||||
log.Println("Error verifying csrf token")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
username := r.FormValue("username")
|
username := r.FormValue("username")
|
||||||
password := r.FormValue("password")
|
password := r.FormValue("password")
|
||||||
remember := r.FormValue("remember") == "on"
|
remember := r.FormValue("remember") == "on"
|
||||||
@ -31,7 +23,7 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
|
|||||||
http.Redirect(w, r, "/login", http.StatusFound)
|
http.Redirect(w, r, "/login", http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = models.AuthenticateUser(postController.App, w, username, password, remember)
|
_, err := models.AuthenticateUser(postController.App, w, username, password, remember)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Error authenticating user")
|
log.Println("Error authenticating user")
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
@ -43,13 +35,6 @@ func (postController *PostController) Login(w http.ResponseWriter, r *http.Reque
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (postController *PostController) Register(w http.ResponseWriter, r *http.Request) {
|
func (postController *PostController) Register(w http.ResponseWriter, r *http.Request) {
|
||||||
// Validate csrf token
|
|
||||||
_, err := security.VerifyCsrfToken(r)
|
|
||||||
if err != nil {
|
|
||||||
log.Println("Error verifying csrf token")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
username := r.FormValue("username")
|
username := r.FormValue("username")
|
||||||
password := r.FormValue("password")
|
password := r.FormValue("password")
|
||||||
createdAt := time.Now()
|
createdAt := time.Now()
|
||||||
@ -60,7 +45,7 @@ func (postController *PostController) Register(w http.ResponseWriter, r *http.Re
|
|||||||
http.Redirect(w, r, "/register", http.StatusFound)
|
http.Redirect(w, r, "/register", http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = models.CreateUser(postController.App, username, password, createdAt, updatedAt)
|
_, err := models.CreateUser(postController.App, username, password, createdAt, updatedAt)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Error creating user")
|
log.Println("Error creating user")
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
|
22
middleware/csrf.go
Normal file
22
middleware/csrf.go
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
package middleware
|
||||||
|
|
||||||
|
import (
|
||||||
|
"GoWeb/security"
|
||||||
|
"log"
|
||||||
|
"net/http"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Csrf validates the CSRF token and returns the handler function if it succeded
|
||||||
|
func Csrf(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
// Verify csrf token
|
||||||
|
_, err := security.VerifyCsrfToken(r)
|
||||||
|
if err != nil {
|
||||||
|
log.Println("Error verifying csrf token")
|
||||||
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
f(w, r)
|
||||||
|
}
|
||||||
|
}
|
5
middleware/groups.go
Normal file
5
middleware/groups.go
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
package middleware
|
||||||
|
|
||||||
|
import "net/http"
|
||||||
|
|
||||||
|
type MiddlewareFunc func(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request)
|
14
middleware/wrapper.go
Normal file
14
middleware/wrapper.go
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
package middleware
|
||||||
|
|
||||||
|
import "net/http"
|
||||||
|
|
||||||
|
// ProcessGroup is a wrapper function for the http.HandleFunc function
|
||||||
|
// that takes the function you want to execute (f) and the middleware you want
|
||||||
|
// to execute (m) this should be used when processing multiple groups of middleware at a time
|
||||||
|
func ProcessGroup(f func(w http.ResponseWriter, r *http.Request), m []MiddlewareFunc) func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
for _, middleware := range m {
|
||||||
|
_ = middleware(f)
|
||||||
|
}
|
||||||
|
|
||||||
|
return f
|
||||||
|
}
|
@ -3,6 +3,7 @@ package routes
|
|||||||
import (
|
import (
|
||||||
"GoWeb/app"
|
"GoWeb/app"
|
||||||
"GoWeb/controllers"
|
"GoWeb/controllers"
|
||||||
|
"GoWeb/middleware"
|
||||||
"net/http"
|
"net/http"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -14,6 +15,6 @@ func PostRoutes(app *app.App) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// User authentication
|
// User authentication
|
||||||
http.HandleFunc("/register-handle", postController.Register)
|
http.HandleFunc("/register-handle", middleware.Csrf(postController.Register))
|
||||||
http.HandleFunc("/login-handle", postController.Login)
|
http.HandleFunc("/login-handle", middleware.Csrf(postController.Login))
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user