diff --git a/controllers/page.go b/controllers/page.go
index b438583..d03b0fc 100644
--- a/controllers/page.go
+++ b/controllers/page.go
@@ -7,6 +7,8 @@ import (
"goweb/msg"
"goweb/pager"
+ "github.com/labstack/echo/v4/middleware"
+
"github.com/labstack/echo/v4"
)
@@ -31,6 +33,7 @@ type Page struct {
Keywords []string
}
Pager pager.Pager
+ CSRF string
}
func NewPage(c echo.Context) Page {
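Review bot: The new `CSRF` field on `Page` has no comment, and nothing in the struct says where the value comes from or that it can be empty. I would add `// CSRF is the per-request token set by the CSRF middleware, for rendering into forms; empty if the middleware did not run.` above it. The `Page` struct begins outside this hunk.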
@@ -44,6 +47,10 @@ func NewPage(c echo.Context) Page {
p.IsHome = p.Path == "/"
+ if csrf := c.Get(middleware.DefaultCSRFConfig.ContextKey); csrf != nil {
+ p.CSRF = csrf.(string)
+ }
+
return p
}
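Review bot: The unchecked assertion `csrf.(string)` in NewPage panics if the context value is ever something other than a string; the comma-ok form is safer: `if csrf, ok := c.Get(middleware.DefaultCSRFConfig.ContextKey).(string); ok { p.CSRF = csrf }`. The lookup also hard-codes `DefaultCSRFConfig.ContextKey`, while the router builds its own `CSRFConfig`. This works only as long as that config leaves `ContextKey` unset; if it is ever set there, `p.CSRF` becomes silently empty and every form POST is rejected. A shared constant used by both the router config and this lookup would remove that coupling. NewPage begins outside the hunk.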
diff --git a/router/router.go b/router/router.go
index a80c507..5fd4b20 100644
--- a/router/router.go
+++ b/router/router.go
@@ -26,6 +26,9 @@ func BuildRouter(c *container.Container) {
// TODO: needs cache control headers
c.Web.Use(middleware.Static(StaticDir))
c.Web.Use(session.Middleware(sessions.NewCookieStore([]byte(c.Config.App.EncryptionKey))))
+ c.Web.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
+ TokenLookup: "form:csrf",
+ }))
// Base controller
ctr := controllers.NewController(c)
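Review bot: The CSRF config in BuildRouter sets only `TokenLookup`, so the token cookie is issued with Echo's default attributes, which leave Secure and HttpOnly off and SameSite in its default mode. Because the token is rendered server-side into the form, scripts never need to read the cookie, so I would add `CookieHTTPOnly: true,` and `CookieSameSite: http.SameSiteStrictMode,` (this needs `net/http`), and drive `CookieSecure` from config so it is on wherever the site is served over HTTPS. With `form:csrf` as the only lookup, any non-safe request that sends the token in a header rather than a form field would be rejected; confirm that no such client exists. BuildRouter continues outside the hunk.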
diff --git a/views/components/forms.gohtml b/views/components/forms.gohtml
new file mode 100644
index 0000000..3a6d15e
--- /dev/null
+++ b/views/components/forms.gohtml
@@ -0,0 +1,3 @@
+{{define "csrf"}}
+
+{{end}}
\ No newline at end of file
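Review bot: As shown here the `csrf` template body is empty, so `{{template "csrf" .}}` in the contact form would emit nothing and every POST would fail the middleware's token check. The markup may simply have been lost when this diff was rendered, so treat this as something to confirm rather than a definite bug. If it really is missing, the body should be a hidden field whose name matches the router's `form:csrf` lookup, e.g. `<input type="hidden" name="csrf" value="{{.CSRF}}"/>`. A one-line template comment noting that the field name must stay in sync with `TokenLookup` would also help.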
diff --git a/views/pages/contact.gohtml b/views/pages/contact.gohtml
index 141d4d4..8882c19 100644
--- a/views/pages/contact.gohtml
+++ b/views/pages/contact.gohtml
@@ -3,5 +3,6 @@
+ {{template "csrf" .}}
{{end}}
\ No newline at end of file