rnsrk/wisski-cloud-distillery
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

control: Generalize cookie and csrf handling

Browse source
This commit is contained in:
Tom Wiesing 2023-01-05 15:59:24 +01:00
parent eb17dbe33f
commit 34bdb3cf24
No known key found for this signature in database
15 changed files with 122 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

8
internal/dis/component/auth/panel/panel.go
View file

@ -22,7 +22,13 @@ var (
_ component.Routeable = (*UserPanel)(nil)
)
func (panel *UserPanel) Routes() []string { return []string{"/user/"} }
func (panel *UserPanel) Routes() component.Routes {
return component.Routes{
Paths: []string{"/user/"},
CSRF: true,
Decorator: panel.Dependencies.Auth.Require(nil),
}
}
func (panel *UserPanel) HandleRoute(ctx context.Context, route string) (http.Handler, error) {
router := httprouter.New()

1
internal/dis/component/auth/panel/password.go
View file

@ -33,7 +33,6 @@ func (panel *UserPanel) routePassword(ctx context.Context) http.Handler {
{Name: "new2", Type: httpx.PasswordField, EmptyOnError: true, Label: "New Password (again)"},
},
FieldTemplate: httpx.PureCSSFieldTemplate,
CSRF: true,
RenderTemplate: passwordTemplate,
RenderTemplateContext: panel.UserFormContext,

3
internal/dis/component/auth/panel/totp.go
View file

@ -22,7 +22,6 @@ func (panel *UserPanel) routeTOTPEnable(ctx context.Context) http.Handler {
{Name: "password", Type: httpx.PasswordField, EmptyOnError: true, Label: "Current Password"},
},
FieldTemplate: httpx.PureCSSFieldTemplate,
CSRF: true,
SkipForm: func(r *http.Request) (data struct{}, skip bool) {
user, err := panel.Dependencies.Auth.UserOf(r)
@ -80,7 +79,6 @@ func (panel *UserPanel) routeTOTPEnroll(ctx context.Context) http.Handler {
{Name: "otp", Type: httpx.TextField, EmptyOnError: true, Label: "Passcode"},
},
FieldTemplate: httpx.PureCSSFieldTemplate,
CSRF: true,
SkipForm: func(r *http.Request) (data struct{}, skip bool) {
user, err := panel.Dependencies.Auth.UserOf(r)
@ -150,7 +148,6 @@ func (panel *UserPanel) routeTOTPDisable(ctx context.Context) http.Handler {
{Name: "otp", Type: httpx.TextField, EmptyOnError: true, Label: "Current Passcode"},
},
FieldTemplate: httpx.PureCSSFieldTemplate,
CSRF: true,
SkipForm: func(r *http.Request) (data struct{}, skip bool) {
user, err := panel.Dependencies.Auth.UserOf(r)