diff --git a/public/static/css/styles.css b/public/static/css/styles.css index 23f9639..ba3e032 100644 --- a/public/static/css/styles.css +++ b/public/static/css/styles.css @@ -122,8 +122,8 @@ nav .glyphicon:hover{ NotesFeed -------------------------------------- */ .noteHeading { - font-weight:700; - font-size:15px; + font-weight:900; + font-size:17px; color:#666666; margin-bottom:0px; padding-bottom:5px; diff --git a/types/types.go b/types/types.go index 9e06fc3..473717d 100644 --- a/types/types.go +++ b/types/types.go @@ -14,4 +14,5 @@ type Context struct { Navigation string Search string Message string + CSRFToken string } diff --git a/views/views.go b/views/views.go index 7b6189e..9180df1 100644 --- a/views/views.go +++ b/views/views.go @@ -9,6 +9,7 @@ import ( "os" "strconv" "strings" + "time" "text/template" ) @@ -63,8 +64,12 @@ func ShowAllTasksFunc(w http.ResponseWriter, r *http.Request) { if message != "" { context.Message = message } - homeTemplate.Execute(w, context) + context.CSRFToken = "abcde" message = "" + expiration := time.Now().Add(365 * 24 * time.Hour) + cookie := http.Cookie{Name: "csrftoken",Value:"abcd",Expires:expiration} + http.SetCookie(w, &cookie) + homeTemplate.Execute(w, context) } else { message = "Method not allowed" http.Redirect(w, r, "/", http.StatusFound) @@ -104,15 +109,22 @@ func SearchTaskFunc(w http.ResponseWriter, r *http.Request) { func AddTaskFunc(w http.ResponseWriter, r *http.Request) { if r.Method == "POST" { // Will work only for GET requests, will redirect to home r.ParseForm() - title := r.Form.Get("title") - content := r.Form.Get("content") - truth := db.AddTask(title, content) - if truth != nil { - message = "Error adding task" - } else { - message = "Task added" + title := template.HTMLEscapeString(r.Form.Get("title")) + content := template.HTMLEscapeString(r.Form.Get("content")) + formToken := template.HTMLEscapeString(r.Form.Get("CSRFToken")) + cookie, _ := r.Cookie("csrftoken") + log.Println(cookie) + log.Println(formToken) + if formToken == cookie.Value and title != nil and content!=nil{ + truth := db.AddTask(title, content) + if truth != nil { + message = "Error adding task" + } else { + message = "Task added" + } + http.Redirect(w, r, "/", http.StatusFound) } - http.Redirect(w, r, "/", http.StatusFound) + } else { message = "Method not allowed" http.Redirect(w, r, "/", http.StatusFound)