csrf use template func type

2023-12-04 08:03:41 +00:00 · 2023-12-04 08:03:41 +00:00 · f4ef8acb1f
commit f4ef8acb1f
parent 91edab2f9b
9 changed files with 27 additions and 51 deletions
--- a/go.mod
+++ b/go.mod
@ -5,6 +5,7 @@ go 1.21.4
 require (
 	github.com/aead/chacha20poly1305 v0.0.0-20201124145622-1a5aba2a8b29
 	github.com/golang-jwt/jwt/v5 v5.1.0
+	github.com/gorilla/csrf v1.7.2
 	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/securecookie v1.1.2
 	github.com/lib/pq v1.10.9
@ -22,7 +23,6 @@ require (
 	github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
 	github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/gorilla/csrf v1.7.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
--- a/internal/handlers/home.go
+++ b/internal/handlers/home.go
@ -42,5 +42,5 @@ func (server *Server) homeView(w http.ResponseWriter, r *http.Request) {
 		}
 	}

-	renderLayout(w, data, "web/templates/home.html.tmpl")
+	renderLayout(w, r, data, "web/templates/home.html.tmpl")
 }
--- a/internal/handlers/render.go
+++ b/internal/handlers/render.go
@ -3,7 +3,9 @@ package handlers
 import (
 	"html/template"
 	"net/http"
+	"path/filepath"

+	"github.com/gorilla/csrf"
 	"github.com/zhang2092/mediahls/internal/pkg/logger"
 )

@ -24,18 +26,25 @@ import (
 // }

 // renderLayout 渲染方法 带框架
-func renderLayout(w http.ResponseWriter, data any, tmpls ...string) {
-	tmpls = append(tmpls, "web/templates/base/header.html.tmpl", "web/templates/base/footer.html.tmpl")
-	t, err := template.ParseFiles(tmpls...)
+func renderLayout(w http.ResponseWriter, r *http.Request, data any, tmpl string) {
+	t := template.New(filepath.Base(tmpl))
+	t = t.Funcs(template.FuncMap{
+		"csrfField": func() template.HTML {
+			return csrf.TemplateField(r)
+		},
+	})
+
+	tpl := template.Must(t.Clone())
+	tpl, err := tpl.ParseFiles(tmpl, "web/templates/base/header.html.tmpl", "web/templates/base/footer.html.tmpl")
 	if err != nil {
-		logger.Logger.Errorf("template parse: %v, %v", tmpls, err)
+		logger.Logger.Errorf("template parse: %s, %v", tmpl, err)
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}

-	err = t.Execute(w, data)
+	err = tpl.Execute(w, data)
 	if err != nil {
-		logger.Logger.Errorf("template execute: %v, %v", tmpls, err)
+		logger.Logger.Errorf("template execute: %s, %v", tmpl, err)
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
--- a/internal/handlers/user.go
+++ b/internal/handlers/user.go
@ -2,11 +2,9 @@ package handlers

 import (
 	"database/sql"
-	"html/template"
 	"net/http"
 	"time"

-	"github.com/gorilla/csrf"
 	"github.com/zhang2092/mediahls/internal/db"
 	"github.com/zhang2092/mediahls/internal/pkg/cookie"
 	pwd "github.com/zhang2092/mediahls/internal/pkg/password"
@ -17,7 +15,6 @@ import (
 // registerPageData 注册页面数据
 type registerPageData struct {
 	Authorize
-	CSRFField   template.HTML
 	Summary     string
 	Email       string
 	EmailMsg    string
@ -30,7 +27,6 @@ type registerPageData struct {
 // loginPageData 登录页面数据
 type loginPageData struct {
 	Authorize
-	CSRFField   template.HTML
 	Summary     string
 	Email       string
 	EmailMsg    string
@ -163,28 +159,12 @@ func (server *Server) logout(w http.ResponseWriter, r *http.Request) {

 // renderRegister 渲染注册页面
 func renderRegister(w http.ResponseWriter, r *http.Request, data any) {
-	if data != nil {
-		res := data.(registerPageData)
-		res.CSRFField = csrf.TemplateField(r)
-		renderLayout(w, res, "web/templates/user/register.html.tmpl")
-	} else {
-		renderLayout(w, registerPageData{
-			CSRFField: csrf.TemplateField(r),
-		}, "web/templates/user/register.html.tmpl")
-	}
+	renderLayout(w, r, data, "web/templates/user/register.html.tmpl")
 }

 // renderLogin 渲染登录页面
 func renderLogin(w http.ResponseWriter, r *http.Request, data any) {
-	if data != nil {
-		res := data.(loginPageData)
-		res.CSRFField = csrf.TemplateField(r)
-		renderLayout(w, res, "web/templates/user/login.html.tmpl")
-	} else {
-		renderLayout(w, loginPageData{
-			CSRFField: csrf.TemplateField(r),
-		}, "web/templates/user/login.html.tmpl")
-	}
+	renderLayout(w, r, data, "web/templates/user/login.html.tmpl")
 }

 // viladatorRegister 校验注册数据
--- a/internal/handlers/video.go
+++ b/internal/handlers/video.go
@ -4,13 +4,11 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"html/template"
 	"net/http"
 	"strconv"
 	"strings"
 	"time"

-	"github.com/gorilla/csrf"
 	"github.com/gorilla/mux"
 	"github.com/zhang2092/mediahls/internal/db"
 	"github.com/zhang2092/mediahls/internal/pkg/convert"
@ -29,14 +27,12 @@ type videoPageData struct {
 // videosPageData 视频列表数据
 type videosPageData struct {
 	Authorize
-	CSRFField template.HTML
-	Videos    []db.Video
+	Videos []db.Video
 }

 // videoEditPageData 视频编辑数据
 type videoEditPageData struct {
 	Authorize
-	CSRFField      template.HTML
 	Summary        string
 	ID             string
 	IDMsg          string
@ -72,7 +68,7 @@ func (server *Server) videoView(w http.ResponseWriter, r *http.Request) {
 	if err == nil {
 		data.Authorize = *auth
 	}
-	renderLayout(w, data, "web/templates/video/play.html.tmpl")
+	renderLayout(w, r, data, "web/templates/video/play.html.tmpl")
 }

 // videosView 视频列表页面
@ -80,7 +76,6 @@ func (server *Server) videosView(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	data := videosPageData{
 		Authorize: withUser(ctx),
-		CSRFField: csrf.TemplateField(r),
 	}

 	vars := mux.Vars(r)
@ -103,7 +98,7 @@ func (server *Server) videosView(w http.ResponseWriter, r *http.Request) {
 		}
 	}

-	renderLayout(w, data, "web/templates/video/videos.html.tmpl")
+	renderLayout(w, r, data, "web/templates/video/videos.html.tmpl")
 }

 // editVideoView 视频编辑页面
@ -288,15 +283,7 @@ func (server *Server) transfer(w http.ResponseWriter, r *http.Request) {

 // renderEditVideo 渲染视频编辑页面
 func renderEditVideo(w http.ResponseWriter, r *http.Request, data any) {
-	if data != nil {
-		res := data.(videoEditPageData)
-		res.CSRFField = csrf.TemplateField(r)
-		renderLayout(w, res, "web/templates/video/edit.html.tmpl")
-	}
-
-	renderLayout(w, videoEditPageData{
-		CSRFField: csrf.TemplateField(r),
-	}, "web/templates/video/edit.html.tmpl")
+	renderLayout(w, r, data, "web/templates/video/edit.html.tmpl")
 }

 // viladatorEditVedio 检验视频编辑数据
--- a/web/templates/user/login.html.tmpl
+++ b/web/templates/user/login.html.tmpl
@ -4,7 +4,7 @@
    <h1>登录</h1>
    <div class="col-sm-4 py-md-5">
      <form action="/login" method="post">
-        {{ .CSRFField }}
+        {{ csrfField }}
        <div class="form-group">
          <div class="input-group">
            <div class="input-group-prepend">
--- a/web/templates/user/register.html.tmpl
+++ b/web/templates/user/register.html.tmpl
@ -4,7 +4,7 @@
    <h1>注册</h1>
    <div class="col-sm-4 py-md-5">
      <form action="/register" method="post">
-        {{ .CSRFField }}
+        {{ csrfField }}
        <div class="form-group">
          <div class="input-group">
            <div class="input-group-prepend">
--- a/web/templates/video/edit.html.tmpl
+++ b/web/templates/video/edit.html.tmpl
@ -7,7 +7,7 @@
        </div>
        <div class="col-sm-6 py-md-5 flex flex-column justify-content">
            <form action="/me/videos/update" method="post">
-                {{ .CSRFField }}
+                {{ csrfField }}
                {{if .ID}}
                <div class="form-group">
                    <div class="input-group">
--- a/web/templates/video/videos.html.tmpl
+++ b/web/templates/video/videos.html.tmpl
@ -36,7 +36,7 @@
            </div>
            {{end}}
            <div class="hidden">
-                {{ .CSRFField }}
+                {{ csrfField }}
            </div>
        </div>
    </div>