go,tmpl: use CSRF token in relevant places
parent
393b1af830
commit
536b5909c8
|
@ -67,6 +67,8 @@ func Home(client *ent.Client) echo.HandlerFunc {
|
|||
)
|
||||
}
|
||||
|
||||
csrf := c.Get("csrf").(string)
|
||||
|
||||
err := c.Render(http.StatusOK, "home.tmpl",
|
||||
page{
|
||||
AppName: setting.AppName(),
|
||||
|
@ -74,6 +76,7 @@ func Home(client *ent.Client) echo.HandlerFunc {
|
|||
Title: "Home",
|
||||
Name: username,
|
||||
DevelMode: setting.IsDevel(),
|
||||
CSRF: csrf,
|
||||
Current: "home",
|
||||
User: u,
|
||||
},
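Review bot: The unchecked assertion `csrf := c.Get("csrf").(string)` added in Home panics if the context holds no string under that key, which would happen on any route where the CSRF middleware is not registered or is skipped. The same line is added in Logout, Signin and SigninPost, so the point applies to all four handlers. Prefer the comma-ok form and fail closed: `csrf, ok := c.Get("csrf").(string)` followed by `if !ok { return echo.NewHTTPError(http.StatusInternalServerError) }`. The middleware registration and its context key are not visible in this commit, so the key name should be confirmed against that config. The handler bodies start and end outside these hunks.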
|
||||
|
|
|
@ -14,6 +14,8 @@ func Logout() echo.HandlerFunc {
|
|||
return func(c echo.Context) error {
|
||||
addHeaders(c)
|
||||
|
||||
csrf := c.Get("csrf").(string)
|
||||
|
||||
switch {
|
||||
case c.Request().Method == "POST":
|
||||
sess, _ := session.Get(setting.SessionCookieName(), c)
|
||||
|
@ -41,6 +43,7 @@ func Logout() echo.HandlerFunc {
|
|||
AppName: setting.AppName(),
|
||||
AppVer: appver,
|
||||
Title: "Logout",
|
||||
CSRF: csrf,
|
||||
DevelMode: setting.IsDevel(),
|
||||
Current: "logout",
|
||||
},
|
||||
|
|
|
@ -27,6 +27,8 @@ func Signin() echo.HandlerFunc {
|
|||
}
|
||||
}
|
||||
|
||||
csrf := c.Get("csrf").(string)
|
||||
|
||||
return c.Render(
|
||||
http.StatusOK,
|
||||
"signin.tmpl",
|
||||
|
@ -34,6 +36,7 @@ func Signin() echo.HandlerFunc {
|
|||
AppName: setting.AppName(),
|
||||
AppVer: appver,
|
||||
Title: "Sign in",
|
||||
CSRF: csrf,
|
||||
DevelMode: setting.IsDevel(),
|
||||
Current: "signin",
|
||||
},
|
||||
|
@ -55,12 +58,14 @@ func SigninPost(client *ent.Client) echo.HandlerFunc {
|
|||
)
|
||||
}
|
||||
|
||||
csrf := c.Get("csrf").(string)
|
||||
username := cu.Username
|
||||
password := cu.Password
|
||||
p := page{
|
||||
AppName: setting.AppName(),
|
||||
AppVer: appver,
|
||||
Title: "Sign in",
|
||||
CSRF: csrf,
|
||||
DevelMode: setting.IsDevel(),
|
||||
Current: "signin",
|
||||
}
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
</div>
|
||||
<div class="mt-8 lg:w-1/2 lg:mt-0">
|
||||
<form method="post" class="w-full lg:max-w-xl">
|
||||
<input type="hidden" name="csrf" value="{{- .CSRF -}}">
|
||||
{{ if and .Data .Data.flash }}
|
||||
<div class="relative flex items-center mb-4">
|
||||
<p class="mt-2 text-md text-rose-800 dark:text-rose-500"><span class="font-medium">Error:</span> {{.Data.flash}}</p>
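Review bot: The hidden field `name="csrf"` only protects this form if the CSRF middleware is configured to read the token from a form field of that name. Echo's CSRF middleware looks at the `X-CSRF-Token` header by default, and its configuration is not part of this commit, so confirm it sets `TokenLookup: "form:csrf"`. If it does not, these POSTs are either rejected or, where the route is skipped, accepted without a token check. The other template hunk renames `_csrf` to `csrf`, so the same check applies there. A template comment next to the input, such as `{{/* field name must match TokenLookup "form:csrf" in the CSRF middleware config */}}`, would keep the two in sync.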
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
</div>
|
||||
<div class="mt-8 lg:w-1/2 lg:mt-0">
|
||||
<form method="post" class="w-full lg:max-w-xl">
|
||||
<input type="hidden" name="_csrf" value="{{- .CSRF -}}">
|
||||
<input type="hidden" name="csrf" value="{{- .CSRF -}}">
|
||||
<div class="relative flex items-center">
|
||||
<span class="absolute" role="img" aria-label="person outline icon for username">
|
||||
{{ template "svg-user.tmpl" }}
|
||||
|
|