kenneth/mediahls
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

csrf use template func type

Browse Source
This commit is contained in:
kenneth 2023-12-04 08:03:41 +00:00
parent 91edab2f9b
commit f4ef8acb1f
9 changed files with 27 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@ -5,6 +5,7 @@ go 1.21.4
require ( require (
github.com/aead/chacha20poly1305 v0.0.0-20201124145622-1a5aba2a8b29 github.com/aead/chacha20poly1305 v0.0.0-20201124145622-1a5aba2a8b29
github.com/golang-jwt/jwt/v5 v5.1.0 github.com/golang-jwt/jwt/v5 v5.1.0
github.com/gorilla/csrf v1.7.2
github.com/gorilla/mux v1.8.1 github.com/gorilla/mux v1.8.1
github.com/gorilla/securecookie v1.1.2 github.com/gorilla/securecookie v1.1.2
github.com/lib/pq v1.10.9 github.com/lib/pq v1.10.9
@ -22,7 +23,6 @@ require (
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 // indirect github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/gorilla/csrf v1.7.2 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect
github.com/magiconair/properties v1.8.7 // indirect github.com/magiconair/properties v1.8.7 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect

2
internal/handlers/home.go
View File

@ -42,5 +42,5 @@ func (server *Server) homeView(w http.ResponseWriter, r *http.Request) {
} }
} }
renderLayout(w, data, "web/templates/home.html.tmpl") renderLayout(w, r, data, "web/templates/home.html.tmpl")
} }

21
internal/handlers/render.go
View File

@ -3,7 +3,9 @@ package handlers
import ( import (
"html/template" "html/template"
"net/http" "net/http"
"path/filepath"
"github.com/gorilla/csrf"
"github.com/zhang2092/mediahls/internal/pkg/logger" "github.com/zhang2092/mediahls/internal/pkg/logger"
) )
@ -24,18 +26,25 @@ import (
// } // }
// renderLayout 渲染方法 带框架 // renderLayout 渲染方法 带框架
func renderLayout(w http.ResponseWriter, data any, tmpls ...string) { func renderLayout(w http.ResponseWriter, r *http.Request, data any, tmpl string) {
tmpls = append(tmpls, "web/templates/base/header.html.tmpl", "web/templates/base/footer.html.tmpl") t := template.New(filepath.Base(tmpl))
t, err := template.ParseFiles(tmpls...) t = t.Funcs(template.FuncMap{
"csrfField": func() template.HTML {
return csrf.TemplateField(r)
},
})
tpl := template.Must(t.Clone())
tpl, err := tpl.ParseFiles(tmpl, "web/templates/base/header.html.tmpl", "web/templates/base/footer.html.tmpl")
if err != nil { if err != nil {
logger.Logger.Errorf("template parse: %v, %v", tmpls, err) logger.Logger.Errorf("template parse: %s, %v", tmpl, err)
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)
return return
} }
err = t.Execute(w, data) err = tpl.Execute(w, data)
if err != nil { if err != nil {
logger.Logger.Errorf("template execute: %v, %v", tmpls, err) logger.Logger.Errorf("template execute: %s, %v", tmpl, err)
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)
return return
} }

24
internal/handlers/user.go
View File

@ -2,11 +2,9 @@ package handlers
import ( import (
"database/sql" "database/sql"
"html/template"
"net/http" "net/http"
"time" "time"
"github.com/gorilla/csrf"
"github.com/zhang2092/mediahls/internal/db" "github.com/zhang2092/mediahls/internal/db"
"github.com/zhang2092/mediahls/internal/pkg/cookie" "github.com/zhang2092/mediahls/internal/pkg/cookie"
pwd "github.com/zhang2092/mediahls/internal/pkg/password" pwd "github.com/zhang2092/mediahls/internal/pkg/password"
@ -17,7 +15,6 @@ import (
// registerPageData 注册页面数据 // registerPageData 注册页面数据
type registerPageData struct { type registerPageData struct {
Authorize Authorize
CSRFField template.HTML
Summary string Summary string
Email string Email string
EmailMsg string EmailMsg string
@ -30,7 +27,6 @@ type registerPageData struct {
// loginPageData 登录页面数据 // loginPageData 登录页面数据
type loginPageData struct { type loginPageData struct {
Authorize Authorize
CSRFField template.HTML
Summary string Summary string
Email string Email string
EmailMsg string EmailMsg string
@ -163,28 +159,12 @@ func (server *Server) logout(w http.ResponseWriter, r *http.Request) {
// renderRegister 渲染注册页面 // renderRegister 渲染注册页面
func renderRegister(w http.ResponseWriter, r *http.Request, data any) { func renderRegister(w http.ResponseWriter, r *http.Request, data any) {
if data != nil { renderLayout(w, r, data, "web/templates/user/register.html.tmpl")
res := data.(registerPageData)
res.CSRFField = csrf.TemplateField(r)
renderLayout(w, res, "web/templates/user/register.html.tmpl")
} else {
renderLayout(w, registerPageData{
CSRFField: csrf.TemplateField(r),
}, "web/templates/user/register.html.tmpl")
}
} }
// renderLogin 渲染登录页面 // renderLogin 渲染登录页面
func renderLogin(w http.ResponseWriter, r *http.Request, data any) { func renderLogin(w http.ResponseWriter, r *http.Request, data any) {
if data != nil { renderLayout(w, r, data, "web/templates/user/login.html.tmpl")
res := data.(loginPageData)
res.CSRFField = csrf.TemplateField(r)
renderLayout(w, res, "web/templates/user/login.html.tmpl")
} else {
renderLayout(w, loginPageData{
CSRFField: csrf.TemplateField(r),
}, "web/templates/user/login.html.tmpl")
}
} }
// viladatorRegister 校验注册数据 // viladatorRegister 校验注册数据

21
internal/handlers/video.go
View File

@ -4,13 +4,11 @@ import (
"context" "context"
"encoding/json" "encoding/json"
"fmt" "fmt"
"html/template"
"net/http" "net/http"
"strconv" "strconv"
"strings" "strings"
"time" "time"
"github.com/gorilla/csrf"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/zhang2092/mediahls/internal/db" "github.com/zhang2092/mediahls/internal/db"
"github.com/zhang2092/mediahls/internal/pkg/convert" "github.com/zhang2092/mediahls/internal/pkg/convert"
@ -29,14 +27,12 @@ type videoPageData struct {
// videosPageData 视频列表数据 // videosPageData 视频列表数据
type videosPageData struct { type videosPageData struct {
Authorize Authorize
CSRFField template.HTML Videos []db.Video
Videos []db.Video
} }
// videoEditPageData 视频编辑数据 // videoEditPageData 视频编辑数据
type videoEditPageData struct { type videoEditPageData struct {
Authorize Authorize
CSRFField template.HTML
Summary string Summary string
ID string ID string
IDMsg string IDMsg string
@ -72,7 +68,7 @@ func (server *Server) videoView(w http.ResponseWriter, r *http.Request) {
if err == nil { if err == nil {
data.Authorize = *auth data.Authorize = *auth
} }
renderLayout(w, data, "web/templates/video/play.html.tmpl") renderLayout(w, r, data, "web/templates/video/play.html.tmpl")
} }
// videosView 视频列表页面 // videosView 视频列表页面
@ -80,7 +76,6 @@ func (server *Server) videosView(w http.ResponseWriter, r *http.Request) {
ctx := r.Context() ctx := r.Context()
data := videosPageData{ data := videosPageData{
Authorize: withUser(ctx), Authorize: withUser(ctx),
CSRFField: csrf.TemplateField(r),
} }
vars := mux.Vars(r) vars := mux.Vars(r)
@ -103,7 +98,7 @@ func (server *Server) videosView(w http.ResponseWriter, r *http.Request) {
} }
} }
renderLayout(w, data, "web/templates/video/videos.html.tmpl") renderLayout(w, r, data, "web/templates/video/videos.html.tmpl")
} }
// editVideoView 视频编辑页面 // editVideoView 视频编辑页面
@ -288,15 +283,7 @@ func (server *Server) transfer(w http.ResponseWriter, r *http.Request) {
// renderEditVideo 渲染视频编辑页面 // renderEditVideo 渲染视频编辑页面
func renderEditVideo(w http.ResponseWriter, r *http.Request, data any) { func renderEditVideo(w http.ResponseWriter, r *http.Request, data any) {
if data != nil { renderLayout(w, r, data, "web/templates/video/edit.html.tmpl")
res := data.(videoEditPageData)
res.CSRFField = csrf.TemplateField(r)
renderLayout(w, res, "web/templates/video/edit.html.tmpl")
}
renderLayout(w, videoEditPageData{
CSRFField: csrf.TemplateField(r),
}, "web/templates/video/edit.html.tmpl")
} }
// viladatorEditVedio 检验视频编辑数据 // viladatorEditVedio 检验视频编辑数据

2
web/templates/user/login.html.tmpl
View File

@ -4,7 +4,7 @@
<h1>登录</h1> <h1>登录</h1>
<div class="col-sm-4 py-md-5"> <div class="col-sm-4 py-md-5">
<form action="/login" method="post"> <form action="/login" method="post">
{{ .CSRFField }} {{ csrfField }}
<div class="form-group"> <div class="form-group">
<div class="input-group"> <div class="input-group">
<div class="input-group-prepend"> <div class="input-group-prepend">

2
web/templates/user/register.html.tmpl
View File

@ -4,7 +4,7 @@
<h1>注册</h1> <h1>注册</h1>
<div class="col-sm-4 py-md-5"> <div class="col-sm-4 py-md-5">
<form action="/register" method="post"> <form action="/register" method="post">
{{ .CSRFField }} {{ csrfField }}
<div class="form-group"> <div class="form-group">
<div class="input-group"> <div class="input-group">
<div class="input-group-prepend"> <div class="input-group-prepend">

2
web/templates/video/edit.html.tmpl
View File

@ -7,7 +7,7 @@
</div> </div>
<div class="col-sm-6 py-md-5 flex flex-column justify-content"> <div class="col-sm-6 py-md-5 flex flex-column justify-content">
<form action="/me/videos/update" method="post"> <form action="/me/videos/update" method="post">
{{ .CSRFField }} {{ csrfField }}
{{if .ID}} {{if .ID}}
<div class="form-group"> <div class="form-group">
<div class="input-group"> <div class="input-group">

2
web/templates/video/videos.html.tmpl
View File

@ -36,7 +36,7 @@
</div> </div>
{{end}} {{end}}
<div class="hidden"> <div class="hidden">
{{ .CSRFField }} {{ csrfField }}
</div> </div>
</div> </div>
</div> </div>