Added CSRF.

controllers/page.go

@@ -7,6 +7,8 @@ import (
 	"goweb/msg"
 	"goweb/pager"
 
+	"github.com/labstack/echo/v4/middleware"
+
 	"github.com/labstack/echo/v4"
 )
 
@@ -31,6 +33,7 @@ type Page struct {
 		Keywords    []string
 	}
 	Pager pager.Pager
+	CSRF  string
 }
 
 func NewPage(c echo.Context) Page {
@@ -44,6 +47,10 @@ func NewPage(c echo.Context) Page {
 
 	p.IsHome = p.Path == "/"
 
+	if csrf := c.Get(middleware.DefaultCSRFConfig.ContextKey); csrf != nil {
+		p.CSRF = csrf.(string)
+	}
+
 	return p
 }
 

router/router.go

@@ -26,6 +26,9 @@ func BuildRouter(c *container.Container) {
 	// TODO: needs cache control headers
 	c.Web.Use(middleware.Static(StaticDir))
 	c.Web.Use(session.Middleware(sessions.NewCookieStore([]byte(c.Config.App.EncryptionKey))))
+	c.Web.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
+		TokenLookup: "form:csrf",
+	}))
 
 	// Base controller
 	ctr := controllers.NewController(c)

views/components/forms.gohtml

@@ -0,0 +1,3 @@
+{{define "csrf"}}
+    <input type="hidden" name="csrf" value="{{.CSRF}}"/>
+{{end}}

views/pages/contact.gohtml

@@ -3,5 +3,6 @@
         <label for="message">Message</label>
         <textarea id="message"></textarea>
         <input type="submit" value="Send"/>
+        {{template "csrf" .}}
     </form>
 {{end}}