feat(security): #286 implement csrf middleware

2024-12-04 23:15:40 +01:00
parent bbcdbf7a01
commit 57989c9b03
18 changed files with 484 additions and 204 deletions


@@ -1,6 +1,7 @@
package handler
import (
"me-fit/handler/middleware"
"me-fit/log"
"me-fit/service"
"me-fit/template/workout"
@@ -38,22 +39,22 @@ func (handler WorkoutImpl) Handle(router *http.ServeMux) {
func (handler WorkoutImpl) handleWorkoutPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
session := middleware.GetSession(r)
if session == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
currentDate := time.Now().Format("2006-01-02")
comp := workout.WorkoutComp(currentDate)
handler.render.RenderLayout(r, w, comp, user)
handler.render.RenderLayout(r, w, comp, session.User)
}
}
func (handler WorkoutImpl) handleAddWorkout() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
session := middleware.GetSession(r)
if session == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
@@ -64,7 +65,7 @@ func (handler WorkoutImpl) handleAddWorkout() http.HandlerFunc {
var repsStr = r.FormValue("reps")
wo := service.NewWorkoutDto("", dateStr, typeStr, setsStr, repsStr)
wo, err = handler.service.AddWorkout(user, wo)
wo, err := handler.service.AddWorkout(session.User, wo)
if err != nil {
utils.TriggerToast(w, r, "error", "Invalid input values")
http.Error(w, "Invalid input values", http.StatusBadRequest)
@@ -79,13 +80,13 @@ func (handler WorkoutImpl) handleAddWorkout() http.HandlerFunc {
func (handler WorkoutImpl) handleGetWorkout() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
session := middleware.GetSession(r)
if session == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
workouts, err := handler.service.GetWorkouts(user)
workouts, err := handler.service.GetWorkouts(session.User)
if err != nil {
return
}
@@ -102,8 +103,8 @@ func (handler WorkoutImpl) handleGetWorkout() http.HandlerFunc {
func (handler WorkoutImpl) handleDeleteWorkout() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r))
if err != nil {
session := middleware.GetSession(r)
if session == nil {
utils.DoRedirect(w, r, "/auth/signin")
return
}
@@ -124,7 +125,7 @@ func (handler WorkoutImpl) handleDeleteWorkout() http.HandlerFunc {
return
}
err = handler.service.DeleteWorkout(user, rowIdInt)
err = handler.service.DeleteWorkout(session.User, rowIdInt)
if err != nil {
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
log.Error("Could not delete workout: %v", err.Error())