From f4ef8acb1f1c985f2791902a6462df136e8cce54 Mon Sep 17 00:00:00 2001
From: kenneth
Date: Mon, 4 Dec 2023 08:03:41 +0000
Subject: [PATCH] csrf use template func type

---
 go.mod | 2 +-
 internal/handlers/home.go | 2 +-
 internal/handlers/render.go | 21 +++++++++++++++------
 internal/handlers/user.go | 24 ++----------------------
 internal/handlers/video.go | 21 ++++-----------------
 web/templates/user/login.html.tmpl | 2 +-
 web/templates/user/register.html.tmpl | 2 +-
 web/templates/video/edit.html.tmpl | 2 +-
 web/templates/video/videos.html.tmpl | 2 +-
 9 files changed, 27 insertions(+), 51 deletions(-)

diff --git a/go.mod b/go.mod
index e07f92f..4f3ae31 100644
--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,7 @@ go 1.21.4
 require (
 github.com/aead/chacha20poly1305 v0.0.0-20201124145622-1a5aba2a8b29
 github.com/golang-jwt/jwt/v5 v5.1.0
+ github.com/gorilla/csrf v1.7.2
 github.com/gorilla/mux v1.8.1
 github.com/gorilla/securecookie v1.1.2
 github.com/lib/pq v1.10.9
@@ -22,7 +23,6 @@ require (
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 // indirect
 github.com/fsnotify/fsnotify v1.7.0 // indirect
- github.com/gorilla/csrf v1.7.2 // indirect
 github.com/hashicorp/hcl v1.0.0 // indirect
 github.com/magiconair/properties v1.8.7 // indirect
 github.com/mitchellh/mapstructure v1.5.0 // indirect
diff --git a/internal/handlers/home.go b/internal/handlers/home.go
index 0f929c6..74963e1 100644
--- a/internal/handlers/home.go
+++ b/internal/handlers/home.go
@@ -42,5 +42,5 @@ func (server *Server) homeView(w http.ResponseWriter, r *http.Request) {
 }
 }
 
- renderLayout(w, data, "web/templates/home.html.tmpl")
+ renderLayout(w, r, data, "web/templates/home.html.tmpl")
 }
diff --git a/internal/handlers/render.go b/internal/handlers/render.go
index a6bd6ff..05c81fd 100644
--- a/internal/handlers/render.go
+++ b/internal/handlers/render.go
@@ -3,7 +3,9 @@ package handlers
 import (
 "html/template"
 "net/http"
+ "path/filepath"
 
+ "github.com/gorilla/csrf"
 "github.com/zhang2092/mediahls/internal/pkg/logger"
 )
 
@@ -24,18 +26,25 @@ import (
 // }
 
 // renderLayout 渲染方法 带框架
-func renderLayout(w http.ResponseWriter, data any, tmpls ...string) {
- tmpls = append(tmpls, "web/templates/base/header.html.tmpl", "web/templates/base/footer.html.tmpl")
- t, err := template.ParseFiles(tmpls...)
+func renderLayout(w http.ResponseWriter, r *http.Request, data any, tmpl string) {
+ t := template.New(filepath.Base(tmpl))
+ t = t.Funcs(template.FuncMap{
+ "csrfField": func() template.HTML {
+ return csrf.TemplateField(r)
+ },
+ })
+
+ tpl := template.Must(t.Clone())
+ tpl, err := tpl.ParseFiles(tmpl, "web/templates/base/header.html.tmpl", "web/templates/base/footer.html.tmpl")
 if err != nil {
- logger.Logger.Errorf("template parse: %v, %v", tmpls, err)
+ logger.Logger.Errorf("template parse: %s, %v", tmpl, err)
 w.WriteHeader(http.StatusInternalServerError)
 return
 }
 
- err = t.Execute(w, data)
+ err = tpl.Execute(w, data)
 if err != nil {
- logger.Logger.Errorf("template execute: %v, %v", tmpls, err)
+ logger.Logger.Errorf("template execute: %s, %v", tmpl, err)
 w.WriteHeader(http.StatusInternalServerError)
 return
 }
diff --git a/internal/handlers/user.go b/internal/handlers/user.go
index 2c38618..884c25b 100644
--- a/internal/handlers/user.go
+++ b/internal/handlers/user.go
@@ -2,11 +2,9 @@ package handlers
 
 import (
 "database/sql"
- "html/template"
 "net/http"
 "time"
 
- "github.com/gorilla/csrf"
 "github.com/zhang2092/mediahls/internal/db"
 "github.com/zhang2092/mediahls/internal/pkg/cookie"
 pwd "github.com/zhang2092/mediahls/internal/pkg/password"
@@ -17,7 +15,6 @@ import (
 // registerPageData 注册页面数据
 type registerPageData struct {
 Authorize
- CSRFField template.HTML
 Summary string
 Email string
 EmailMsg string
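Review bot: In `renderLayout` (internal/handlers/render.go), `tpl.Execute(w, data)` streams straight into the response, so when execution fails partway the status line and part of the page have already been sent and the following `w.WriteHeader(http.StatusInternalServerError)` has no effect. Executing into a `bytes.Buffer` and copying it to `w` only on success keeps the 500 path meaningful; this needs `bytes` added to the import block. The `template.Must(t.Clone())` line copies a template that has nothing parsed into it yet and would panic inside a request handler if it ever failed, so calling `ParseFiles` on `t` directly looks sufficient. Separately, `csrf.TemplateField(r)` returns an empty fragment when the request did not pass through the CSRF middleware, so a page rendered on an unwrapped route would silently lose its token; the router is not visible here, so that is worth confirming. The function body continues past the end of this hunk.

```go
	// … unchanged: template.New(...) and the csrfField FuncMap …

	tpl, err := t.ParseFiles(tmpl, "web/templates/base/header.html.tmpl", "web/templates/base/footer.html.tmpl")
	// … unchanged: parse error handling …

	// Render into memory first so a failed Execute can still produce a clean 500.
	var buf bytes.Buffer
	if err := tpl.Execute(&buf, data); err != nil {
		logger.Logger.Errorf("template execute: %s, %v", tmpl, err)
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	if _, err := buf.WriteTo(w); err != nil {
		logger.Logger.Errorf("template write: %s, %v", tmpl, err)
	}
```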
@@ -30,7 +27,6 @@ type registerPageData struct {
 // loginPageData 登录页面数据
 type loginPageData struct {
 Authorize
- CSRFField template.HTML
 Summary string
 Email string
 EmailMsg string
@@ -163,28 +159,12 @@ func (server *Server) logout(w http.ResponseWriter, r *http.Request) {
 
 // renderRegister 渲染注册页面
 func renderRegister(w http.ResponseWriter, r *http.Request, data any) {
- if data != nil {
- res := data.(registerPageData)
- res.CSRFField = csrf.TemplateField(r)
- renderLayout(w, res, "web/templates/user/register.html.tmpl")
- } else {
- renderLayout(w, registerPageData{
- CSRFField: csrf.TemplateField(r),
- }, "web/templates/user/register.html.tmpl")
- }
+ renderLayout(w, r, data, "web/templates/user/register.html.tmpl")
 }
 
 // renderLogin 渲染登录页面
 func renderLogin(w http.ResponseWriter, r *http.Request, data any) {
- if data != nil {
- res := data.(loginPageData)
- res.CSRFField = csrf.TemplateField(r)
- renderLayout(w, res, "web/templates/user/login.html.tmpl")
- } else {
- renderLayout(w, loginPageData{
- CSRFField: csrf.TemplateField(r),
- }, "web/templates/user/login.html.tmpl")
- }
+ renderLayout(w, r, data, "web/templates/user/login.html.tmpl")
 }
 
 // viladatorRegister 校验注册数据
diff --git a/internal/handlers/video.go b/internal/handlers/video.go
index 54d966d..0deba56 100644
--- a/internal/handlers/video.go
+++ b/internal/handlers/video.go
@@ -4,13 +4,11 @@ import (
 "context"
 "encoding/json"
 "fmt"
- "html/template"
 "net/http"
 "strconv"
 "strings"
 "time"
 
- "github.com/gorilla/csrf"
 "github.com/gorilla/mux"
 "github.com/zhang2092/mediahls/internal/db"
 "github.com/zhang2092/mediahls/internal/pkg/convert"
@@ -29,14 +27,12 @@ type videoPageData struct {
 // videosPageData 视频列表数据
 type videosPageData struct {
 Authorize
- CSRFField template.HTML
- Videos []db.Video
+ Videos []db.Video
 }
 
 // videoEditPageData 视频编辑数据
 type videoEditPageData struct {
 Authorize
- CSRFField template.HTML
 Summary string
 ID string
 IDMsg string
@@ -72,7 +68,7 @@ func (server *Server) videoView(w http.ResponseWriter, r *http.Request) {
 if err == nil {
 data.Authorize = *auth
 }
- renderLayout(w, data, "web/templates/video/play.html.tmpl")
+ renderLayout(w, r, data, "web/templates/video/play.html.tmpl")
 }
 
 // videosView 视频列表页面
@@ -80,7 +76,6 @@ func (server *Server) videosView(w http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
 data := videosPageData{
 Authorize: withUser(ctx),
- CSRFField: csrf.TemplateField(r),
 }
 
 vars := mux.Vars(r)
@@ -103,7 +98,7 @@ func (server *Server) videosView(w http.ResponseWriter, r *http.Request) {
 }
 }
 
- renderLayout(w, data, "web/templates/video/videos.html.tmpl")
+ renderLayout(w, r, data, "web/templates/video/videos.html.tmpl")
 }
 
 // editVideoView 视频编辑页面
@@ -288,15 +283,7 @@ func (server *Server) transfer(w http.ResponseWriter, r *http.Request) {
 
 // renderEditVideo 渲染视频编辑页面
 func renderEditVideo(w http.ResponseWriter, r *http.Request, data any) {
- if data != nil {
- res := data.(videoEditPageData)
- res.CSRFField = csrf.TemplateField(r)
- renderLayout(w, res, "web/templates/video/edit.html.tmpl")
- }
-
- renderLayout(w, videoEditPageData{
- CSRFField: csrf.TemplateField(r),
- }, "web/templates/video/edit.html.tmpl")
+ renderLayout(w, r, data, "web/templates/video/edit.html.tmpl")
 }
 
 // viladatorEditVedio 检验视频编辑数据
diff --git a/web/templates/user/login.html.tmpl b/web/templates/user/login.html.tmpl
index 74da05b..38c2ab5 100644
--- a/web/templates/user/login.html.tmpl
+++ b/web/templates/user/login.html.tmpl
@@ -4,7 +4,7 @@

登录

- {{ .CSRFField }}
+ {{ csrfField }}
diff --git a/web/templates/user/register.html.tmpl b/web/templates/user/register.html.tmpl
index 13fdaa9..b46da00 100644
--- a/web/templates/user/register.html.tmpl
+++ b/web/templates/user/register.html.tmpl
@@ -4,7 +4,7 @@

注册

- {{ .CSRFField }}
+ {{ csrfField }}
diff --git a/web/templates/video/edit.html.tmpl b/web/templates/video/edit.html.tmpl
index 21974af..b19a06d 100644
--- a/web/templates/video/edit.html.tmpl
+++ b/web/templates/video/edit.html.tmpl
@@ -7,7 +7,7 @@
- {{ .CSRFField }}
+ {{ csrfField }}
 {{if .ID}}
diff --git a/web/templates/video/videos.html.tmpl b/web/templates/video/videos.html.tmpl
index aae7cb2..bb45dea 100644
--- a/web/templates/video/videos.html.tmpl
+++ b/web/templates/video/videos.html.tmpl
@@ -36,7 +36,7 @@
{{end}}