added csrf token
This commit is contained in:
parent
f4c07340a2
commit
afe0ab81ee
|
@ -122,8 +122,8 @@ nav .glyphicon:hover{
|
|||
NotesFeed
|
||||
-------------------------------------- */
|
||||
.noteHeading {
|
||||
font-weight:700;
|
||||
font-size:15px;
|
||||
font-weight:900;
|
||||
font-size:17px;
|
||||
color:#666666;
|
||||
margin-bottom:0px;
|
||||
padding-bottom:5px;
|
||||
|
|
|
@ -14,4 +14,5 @@ type Context struct {
|
|||
Navigation string
|
||||
Search string
|
||||
Message string
|
||||
CSRFToken string
|
||||
}
|
||||
|
|
|
@ -9,6 +9,7 @@ import (
|
|||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
"text/template"
|
||||
)
|
||||
|
||||
|
@ -63,8 +64,12 @@ func ShowAllTasksFunc(w http.ResponseWriter, r *http.Request) {
|
|||
if message != "" {
|
||||
context.Message = message
|
||||
}
|
||||
homeTemplate.Execute(w, context)
|
||||
context.CSRFToken = "abcde"
|
||||
message = ""
|
||||
expiration := time.Now().Add(365 * 24 * time.Hour)
|
||||
cookie := http.Cookie{Name: "csrftoken",Value:"abcd",Expires:expiration}
|
||||
http.SetCookie(w, &cookie)
|
||||
homeTemplate.Execute(w, context)
|
||||
} else {
|
||||
message = "Method not allowed"
|
||||
http.Redirect(w, r, "/", http.StatusFound)
|
||||
|
@ -104,8 +109,13 @@ func SearchTaskFunc(w http.ResponseWriter, r *http.Request) {
|
|||
func AddTaskFunc(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method == "POST" { // Will work only for GET requests, will redirect to home
|
||||
r.ParseForm()
|
||||
title := r.Form.Get("title")
|
||||
content := r.Form.Get("content")
|
||||
title := template.HTMLEscapeString(r.Form.Get("title"))
|
||||
content := template.HTMLEscapeString(r.Form.Get("content"))
|
||||
formToken := template.HTMLEscapeString(r.Form.Get("CSRFToken"))
|
||||
cookie, _ := r.Cookie("csrftoken")
|
||||
log.Println(cookie)
|
||||
log.Println(formToken)
|
||||
if formToken == cookie.Value and title != nil and content!=nil{
|
||||
truth := db.AddTask(title, content)
|
||||
if truth != nil {
|
||||
message = "Error adding task"
|
||||
|
@ -113,6 +123,8 @@ func AddTaskFunc(w http.ResponseWriter, r *http.Request) {
|
|||
message = "Task added"
|
||||
}
|
||||
http.Redirect(w, r, "/", http.StatusFound)
|
||||
}
|
||||
|
||||
} else {
|
||||
message = "Method not allowed"
|
||||
http.Redirect(w, r, "/", http.StatusFound)
|
||||
|
|
Loading…
Reference in New Issue