added csrf token

This commit is contained in:
Suraj Patil 2016-01-18 06:32:15 +05:30
parent f4c07340a2
commit afe0ab81ee
3 changed files with 24 additions and 11 deletions

View File

@ -122,8 +122,8 @@ nav .glyphicon:hover{
NotesFeed
-------------------------------------- */
.noteHeading {
font-weight:700;
font-size:15px;
font-weight:900;
font-size:17px;
color:#666666;
margin-bottom:0px;
padding-bottom:5px;

View File

@ -14,4 +14,5 @@ type Context struct {
Navigation string
Search string
Message string
CSRFToken string
}

View File

@ -9,6 +9,7 @@ import (
"os"
"strconv"
"strings"
"time"
"text/template"
)
@ -63,8 +64,12 @@ func ShowAllTasksFunc(w http.ResponseWriter, r *http.Request) {
if message != "" {
context.Message = message
}
homeTemplate.Execute(w, context)
context.CSRFToken = "abcde"
message = ""
expiration := time.Now().Add(365 * 24 * time.Hour)
cookie := http.Cookie{Name: "csrftoken",Value:"abcd",Expires:expiration}
http.SetCookie(w, &cookie)
homeTemplate.Execute(w, context)
} else {
message = "Method not allowed"
http.Redirect(w, r, "/", http.StatusFound)
@ -104,8 +109,13 @@ func SearchTaskFunc(w http.ResponseWriter, r *http.Request) {
func AddTaskFunc(w http.ResponseWriter, r *http.Request) {
if r.Method == "POST" { // Will work only for GET requests, will redirect to home
r.ParseForm()
title := r.Form.Get("title")
content := r.Form.Get("content")
title := template.HTMLEscapeString(r.Form.Get("title"))
content := template.HTMLEscapeString(r.Form.Get("content"))
formToken := template.HTMLEscapeString(r.Form.Get("CSRFToken"))
cookie, _ := r.Cookie("csrftoken")
log.Println(cookie)
log.Println(formToken)
if formToken == cookie.Value and title != nil and content!=nil{
truth := db.AddTask(title, content)
if truth != nil {
message = "Error adding task"
@ -113,6 +123,8 @@ func AddTaskFunc(w http.ResponseWriter, r *http.Request) {
message = "Task added"
}
http.Redirect(w, r, "/", http.StatusFound)
}
} else {
message = "Method not allowed"
http.Redirect(w, r, "/", http.StatusFound)