Added CSRF.
parent
1f258ea17e
commit
60d434a922
@ -7,6 +7,8 @@ import (
|
||||
"goweb/msg"
|
||||
"goweb/pager"
|
||||
|
||||
"github.com/labstack/echo/v4/middleware"
|
||||
|
||||
"github.com/labstack/echo/v4"
|
||||
)
|
||||
|
||||
@ -31,6 +33,7 @@ type Page struct {
|
||||
Keywords []string
|
||||
}
|
||||
Pager pager.Pager
|
||||
CSRF string
|
||||
}
|
||||
|
||||
func NewPage(c echo.Context) Page {
|
||||
@ -44,6 +47,10 @@ func NewPage(c echo.Context) Page {
|
||||
|
||||
p.IsHome = p.Path == "/"
|
||||
|
||||
if csrf := c.Get(middleware.DefaultCSRFConfig.ContextKey); csrf != nil {
|
||||
p.CSRF = csrf.(string)
|
||||
}
|
||||
|
||||
return p
|
||||
}
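Review bot: The unchecked assertion `csrf.(string)` in NewPage panics if the context value is ever not a string, and the lookup key `middleware.DefaultCSRFConfig.ContextKey` is only correct while the router's CSRFConfig leaves ContextKey unset. Prefer the comma-ok form, `if token, ok := c.Get(csrfContextKey).(string); ok { p.CSRF = token }`, where `csrfContextKey` is a constant shared with the router config (the name is only a suggestion). If the two keys drift apart, p.CSRF stays empty and every form post is rejected with nothing pointing at the cause. NewPage's body is only partly visible in these hunks.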
|
||||
|
||||
|
@ -26,6 +26,9 @@ func BuildRouter(c *container.Container) {
|
||||
// TODO: needs cache control headers
|
||||
c.Web.Use(middleware.Static(StaticDir))
|
||||
c.Web.Use(session.Middleware(sessions.NewCookieStore([]byte(c.Config.App.EncryptionKey))))
|
||||
c.Web.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
|
||||
TokenLookup: "form:csrf",
|
||||
}))
|
||||
|
||||
// Base controller
|
||||
ctr := controllers.NewController(c)
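Review bot: The CSRFConfig sets only TokenLookup, so the token cookie is issued with Echo's default attributes, which do not turn on Secure or HttpOnly and leave SameSite at its default mode. The token reaches the page through the context and a hidden form field, so scripts never need to read the cookie. Consider adding `CookieHTTPOnly: true,`, `CookieSameSite: http.SameSiteStrictMode,` and, where the site is served over HTTPS, `CookieSecure: true,` (the SameSite constant needs `net/http` imported). BuildRouter continues outside the hunk.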
|
||||
|
3
views/components/forms.gohtml
Normal file
3
views/components/forms.gohtml
Normal file
@ -0,0 +1,3 @@
|
||||
{{define "csrf"}}
|
||||
<input type="hidden" name="csrf" value="{{.CSRF}}"/>
|
||||
{{end}}
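Review bot: The field name `csrf` has to match the router's `TokenLookup: "form:csrf"`, and nothing in this template records that dependency. A template comment inside the define, such as `{{/* field name must match TokenLookup "form:csrf" in the router; expects data exposing a CSRF string */}}`, would keep the two from drifting apart. Whether `{{.CSRF}}` is escaped for the attribute context depends on the views being parsed with html/template rather than text/template, which this page does not show.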
|
@ -3,5 +3,6 @@
|
||||
<label for="message">Message</label>
|
||||
<textarea id="message"></textarea>
|
||||
<input type="submit" value="Send"/>
|
||||
{{template "csrf" .}}
|
||||
</form>
|
||||
{{end}}
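Review bot: The token field only protects this form if it is submitted with `method="post"`, and the opening `<form>` tag is outside the hunk, so that should be confirmed. Echo's CSRF middleware does not validate GET requests, and with a GET form the token would also be written into the query string, where it can end up in logs and Referer headers. The call `{{template "csrf" .}}` also assumes the data passed to this form template is the Page value itself; if it is invoked with a nested struct, `.CSRF` will not resolve.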
|