From ab4a743b880ed16eeb94d7216c6e27164ffef41e Mon Sep 17 00:00:00 2001
From: Suraj Arun Patil <surajarun.patil@cognizant.com>
Date: Mon, 18 Jan 2016 06:32:15 +0530
Subject: [PATCH 1/3] added csrf token

---
 public/static/css/styles.css |  4 ++--
 types/types.go               |  1 +
 views/views.go               | 30 +++++++++++++++++++++---------
 3 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/public/static/css/styles.css b/public/static/css/styles.css
index 23f9639..ba3e032 100644
--- a/public/static/css/styles.css
+++ b/public/static/css/styles.css
@@ -122,8 +122,8 @@ nav  .glyphicon:hover{
 NotesFeed
 -------------------------------------- */
 .noteHeading {
-    font-weight:700;
-    font-size:15px;
+    font-weight:900;
+    font-size:17px;
     color:#666666;
     margin-bottom:0px;
     padding-bottom:5px;
diff --git a/types/types.go b/types/types.go
index 9e06fc3..473717d 100644
--- a/types/types.go
+++ b/types/types.go
@@ -14,4 +14,5 @@ type Context struct {
 	Navigation string
 	Search     string
 	Message    string
+	CSRFToken  string
 }
diff --git a/views/views.go b/views/views.go
index 7b6189e..9180df1 100644
--- a/views/views.go
+++ b/views/views.go
@@ -9,6 +9,7 @@ import (
 	"os"
 	"strconv"
 	"strings"
+	"time"
 	"text/template"
 )
 
@@ -63,8 +64,12 @@ func ShowAllTasksFunc(w http.ResponseWriter, r *http.Request) {
 		if message != "" {
 			context.Message = message
 		}
-		homeTemplate.Execute(w, context)
+		context.CSRFToken = "abcde"
 		message = ""
+		expiration := time.Now().Add(365 * 24 * time.Hour)
+		cookie	:=	http.Cookie{Name: "csrftoken",Value:"abcd",Expires:expiration}
+		http.SetCookie(w, &cookie)
+		homeTemplate.Execute(w, context)
 	} else {
 		message = "Method not allowed"
 		http.Redirect(w, r, "/", http.StatusFound)
@@ -104,15 +109,22 @@ func SearchTaskFunc(w http.ResponseWriter, r *http.Request) {
 func AddTaskFunc(w http.ResponseWriter, r *http.Request) {
 	if r.Method == "POST" { // Will work only for GET requests, will redirect to home
 		r.ParseForm()
-		title := r.Form.Get("title")
-		content := r.Form.Get("content")
-		truth := db.AddTask(title, content)
-		if truth != nil {
-			message = "Error adding task"
-		} else {
-			message = "Task added"
+		title := template.HTMLEscapeString(r.Form.Get("title"))
+		content := template.HTMLEscapeString(r.Form.Get("content"))
+		formToken := template.HTMLEscapeString(r.Form.Get("CSRFToken"))
+		cookie,	_	:=	r.Cookie("csrftoken")
+		log.Println(cookie)
+		log.Println(formToken)
+		if formToken == cookie.Value and title != nil and content!=nil{
+			truth := db.AddTask(title, content)
+			if truth != nil {
+				message = "Error adding task"
+			} else {
+				message = "Task added"
+			}
+			http.Redirect(w, r, "/", http.StatusFound)
 		}
-		http.Redirect(w, r, "/", http.StatusFound)
+
 	} else {
 		message = "Method not allowed"
 		http.Redirect(w, r, "/", http.StatusFound)

From 84def84f559473f5d5e7d07f470096dcc5d4883b Mon Sep 17 00:00:00 2001
From: Suraj Arun Patil <surajarun.patil@cognizant.com>
Date: Mon, 18 Jan 2016 06:32:37 +0530
Subject: [PATCH 2/3] csrf token & collapsible note content

---
 public/templates/completed.html |  7 +++----
 public/templates/deleted.html   |  7 +++----
 public/templates/home.html      | 11 ++++++-----
 public/templates/search.html    |  9 ++++-----
 4 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/public/templates/completed.html b/public/templates/completed.html
index 41baea6..5c3a016 100644
--- a/public/templates/completed.html
+++ b/public/templates/completed.html
@@ -3,18 +3,17 @@
   <div class="timeline">
     {{ if .Tasks}} {{range .Tasks}}
     <div class="note">
-      <p class="noteHeading">{{.Title}}</p>
-      <hr>
+      <p class="noteHeading">{{.Title}}</p> <span class="toggle glyphicon glyphicon-resize-full"></span>
       <p class="noteContent">{{.Content}}</p>
       <span class="notefooter">
                     <ul class="menu">
                       <li role="presentation">
                           <a role="menuitem" tabindex="-1" href="/incomplete/{{.Id}}">
-                          <span class="glyphicon glyphicon-share"></span> Mark incomplete</a>
+                          <span class="glyphicon glyphicon-eye-close"></span></a>
                       </li>
                     <li role="presentation">
                       <a role="menuitem" tabindex="-1" href="/trash/{{.Id}}">
-                        <span class="glyphicon glyphicon-trash"></span> Trash</a>
+                        <span class="glyphicon glyphicon-trash"></span></a>
                     </li>
       <!--<li role="presentation">
         <a role="menuitem" tabindex="-1" href="/mask/{{.Id}}">
diff --git a/public/templates/deleted.html b/public/templates/deleted.html
index 5572567..41cb49b 100644
--- a/public/templates/deleted.html
+++ b/public/templates/deleted.html
@@ -9,8 +9,7 @@
 <div class="timeline">
   {{ if .Tasks}} {{range .Tasks}}
   <div class="note">
-    <p class="noteHeading">{{.Title}}</p>
-    <hr>
+    <p class="noteHeading">{{.Title}}</p> <span class="toggle glyphicon glyphicon-resize-full"></span>
     <p class="noteContent">{{.Content}}</p>
     <span class="notefooter">
       <ul class="menu">
@@ -28,11 +27,11 @@
     </li>!-->
     <li role="presentation">
       <a role="menuitem" tabindex="-1" href="/delete/{{.Id}}">
-        <span class="glyphicon glyphicon-trash"></span> Delete</a>
+        <span class="glyphicon glyphicon-trash"></span></a>
     </li>
     <li role="presentation">
       <a role="menuitem" tabindex="-1" href="/restore/{{.Id}}">
-        <span class="glyphicon glyphicon-inbox"></span> Restore</a>
+        <span class="glyphicon glyphicon-inbox"></span></a>
     </li>
     </ul>
     </span>
diff --git a/public/templates/home.html b/public/templates/home.html
index 4c5bdba..ec19bef 100644
--- a/public/templates/home.html
+++ b/public/templates/home.html
@@ -16,6 +16,7 @@
             <div class="form-group">
               <!-- <label for="note-title" class="control-label">Title:</label> -->
               <input type="text" name="title" class="form-control" id="add-note-title" placeholder="Title" style="border:none;border-bottom:1px solid gray; box-shadow:none;">
+              <input type="hidden" name="CSRFToken" value={{.CSRFToken}}>
             </div>
             <div class="form-group">
               <!-- <label for="note-content" class="control-label">Content:</label> -->
@@ -43,18 +44,18 @@
                           <span class="glyphicon glyphicon-time"></span> {{.Created}}</li>
         <li role="presentation">
                           <a role="menuitem" tabindex="-1" href="/mask/{{.Id}}">
-						  <span class="glyphicon glyphicon-lock"></span> Mask</a></li> 
+						  <span class="glyphicon glyphicon-lock"></span></a></li> 
       <li role="presentation">
         <a role="menuitem" tabindex="-1" href="/trash/{{.Id}}">
-          <span class="glyphicon glyphicon-trash"></span> Trash</a>
+          <span class="glyphicon glyphicon-trash"></span></a>
       </li>
       <li role="presentation">
         <a role="menuitem" tabindex="-1" href="/complete/{{.Id}}">
-          <span class="glyphicon glyphicon-check"></span> Complete</a>
+          <span class="glyphicon glyphicon-check"></span></a>
       </li>
       <li role="presentation">
         <a role="menuitem" tabindex="-1" href="/edit/{{.Id}}">
-          <span class="glyphicon glyphicon-pencil"></span> Edit</a>
+          <span class="glyphicon glyphicon-pencil"></span></a>
       </li>
 
       </ul>
@@ -67,7 +68,7 @@
     </div>
     {{end}}
   </div>
-	{{template "footer.gtpl"}}
+	{{template "_footer.html" .}}
 
 </body>
 
diff --git a/public/templates/search.html b/public/templates/search.html
index 9031d11..764f80b 100644
--- a/public/templates/search.html
+++ b/public/templates/search.html
@@ -2,8 +2,7 @@
   <div class="timeline">
     {{ if .Tasks}} {{range .Tasks}}
     <div class="note">
-      <p class="noteHeading">{{.Title}}</p>
-      <hr>
+      <p class="noteHeading">{{.Title}}</p> <span class="toggle glyphicon glyphicon-resize-full"></span>
       <p class="noteContent">{{.Content}}</p>
       <span class="notefooter">
                     <ul class="menu">
@@ -14,15 +13,15 @@
 						  <span class="glyphicon glyphicon-lock"></span> Mask</a></li> !-->
       <li role="presentation">
         <a role="menuitem" tabindex="-1" href="/trash/{{.Id}}">
-          <span class="glyphicon glyphicon-trash"></span> Trash</a>
+          <span class="glyphicon glyphicon-trash"></span></a>
       </li>
       <li role="presentation">
         <a role="menuitem" tabindex="-1" href="/complete/{{.Id}}">
-          <span class="glyphicon glyphicon-check"></span> Complete</a>
+          <span class="glyphicon glyphicon-check"></span></a>
       </li>
       <li role="presentation">
         <a role="menuitem" tabindex="-1" href="/edit/{{.Id}}">
-          <span class="glyphicon glyphicon-pencil"></span> Edit</a>
+          <span class="glyphicon glyphicon-pencil"></span></a>
       </li>
 
       </ul>

From 474ffbc0ea29e8ccacc707893a07534a4afed961 Mon Sep 17 00:00:00 2001
From: Suraj Arun Patil <surajarun.patil@cognizant.com>
Date: Mon, 18 Jan 2016 07:58:08 +0530
Subject: [PATCH 3/3] upload file feature

---
 public/templates/home.html |  4 +++-
 views/views.go             | 39 ++++++++++++++++++++++++++++++--------
 2 files changed, 34 insertions(+), 9 deletions(-)

diff --git a/public/templates/home.html b/public/templates/home.html
index ec19bef..2170d8d 100644
--- a/public/templates/home.html
+++ b/public/templates/home.html
@@ -12,16 +12,18 @@
           <h4 class="modal-title" id="newNoteLabel"><span class="glyphicon glyphicon-pencil"></span>  New Task</h4>
         </div>
         <div class="modal-body">
-          <form action="/add/" method="POST">
+          <form enctype="multipart/form-data" action="/add/" method="POST">
             <div class="form-group">
               <!-- <label for="note-title" class="control-label">Title:</label> -->
               <input type="text" name="title" class="form-control" id="add-note-title" placeholder="Title" style="border:none;border-bottom:1px solid gray; box-shadow:none;">
               <input type="hidden" name="CSRFToken" value={{.CSRFToken}}>
             </div>
             <div class="form-group">
+              <input	type="file"	name="uploadfile"	/>
               <!-- <label for="note-content" class="control-label">Content:</label> -->
               <textarea class="form-control" name="content" id="add-note-content" placeholder="Content" rows="10" style="border:none;border-bottom:1px solid gray; box-shadow:none;"></textarea>
             </div>
+            
         </div>
         <div class="modal-footer">
           <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
diff --git a/views/views.go b/views/views.go
index 9180df1..2daad4f 100644
--- a/views/views.go
+++ b/views/views.go
@@ -9,8 +9,9 @@ import (
 	"os"
 	"strconv"
 	"strings"
-	"time"
 	"text/template"
+	"time"
+	"io"
 )
 
 var homeTemplate *template.Template
@@ -64,10 +65,10 @@ func ShowAllTasksFunc(w http.ResponseWriter, r *http.Request) {
 		if message != "" {
 			context.Message = message
 		}
-		context.CSRFToken = "abcde"
+		context.CSRFToken = "abcd"
 		message = ""
 		expiration := time.Now().Add(365 * 24 * time.Hour)
-		cookie	:=	http.Cookie{Name: "csrftoken",Value:"abcd",Expires:expiration}
+		cookie := http.Cookie{Name: "csrftoken", Value: "abcd", Expires: expiration}
 		http.SetCookie(w, &cookie)
 		homeTemplate.Execute(w, context)
 	} else {
@@ -107,22 +108,44 @@ func SearchTaskFunc(w http.ResponseWriter, r *http.Request) {
 
 //AddTaskFunc is used to handle the addition of new task, "/add" URL
 func AddTaskFunc(w http.ResponseWriter, r *http.Request) {
-	if r.Method == "POST" { // Will work only for GET requests, will redirect to home
+	if r.Method == "POST" { // Will work only for POST requests, will redirect to home
 		r.ParseForm()
+		file, handler, err := r.FormFile("uploadfile")
+		if err != nil {
+			log.Println(err)
+			return
+		} 
 		title := template.HTMLEscapeString(r.Form.Get("title"))
 		content := template.HTMLEscapeString(r.Form.Get("content"))
 		formToken := template.HTMLEscapeString(r.Form.Get("CSRFToken"))
-		cookie,	_	:=	r.Cookie("csrftoken")
-		log.Println(cookie)
-		log.Println(formToken)
-		if formToken == cookie.Value and title != nil and content!=nil{
+		
+		cookie, _ := r.Cookie("csrftoken")
+		if formToken == cookie.Value {
+			if handler != nil {
+				r.ParseMultipartForm(32 << 20) //defined maximum size of file
+				defer file.Close()
+				f, err := os.OpenFile("./files/"+handler.Filename, os.O_WRONLY|os.O_CREATE, 0666)
+				if err != nil {
+					log.Println(err)
+					return
+				}
+				defer f.Close()
+				io.Copy(f, file)
+				filelink := "<br> <a href=./files/"+handler.Filename+">"+ handler.Filename+"</a>"
+				content =  content + filelink
+			}
+			
 			truth := db.AddTask(title, content)
 			if truth != nil {
 				message = "Error adding task"
+				log.Println("error adding task to db")
 			} else {
 				message = "Task added"
+				log.Println("added task to db")
 			}
 			http.Redirect(w, r, "/", http.StatusFound)
+		} else {
+			log.Fatal("CSRF mismatch")
 		}
 
 	} else {