diff options
Diffstat (limited to '')
-rw-r--r-- | auth.go | 6 | ||||
-rw-r--r-- | csrf.go | 10 | ||||
-rw-r--r-- | form.go | 5 |
3 files changed, 15 insertions, 6 deletions
@@ -119,9 +119,9 @@ func loginPage() http.HandlerFunc { if session(r).Authenticated { http.Redirect(w, r, "/", http.StatusFound) } - showLoginPage(w, User{ - Csrf: CsrfField(r), - }) + u := User{} + u.SetCsrfField(r) + showLoginPage(w, u) } } @@ -19,9 +19,13 @@ func csrfHandler(next http.Handler) http.Handler { // Csrf handles the CSRF data for a form. // Include it verbatim and then use `{{.CsrfField}}` in templates. type Csrf struct { - CsrfField template.HTML `form:"-"` + CsrfField template.HTML `form:"-" schema:"-"` } -func CsrfField(r *http.Request) Csrf { - return Csrf{CsrfField: csrf.TemplateField(r)} +func (c *Csrf) SetCsrfField(r *http.Request) { + c.CsrfField = csrf.TemplateField(r) +} + +type WithCsrf interface { + SetCsrfField(r *http.Request) } @@ -12,6 +12,7 @@ var schemaDecoder *schema.Decoder func init() { schemaDecoder = schema.NewDecoder() + schemaDecoder.IgnoreUnknownKeys(true) } type fieldError struct { @@ -34,4 +35,8 @@ func parseForm[T any](r *http.Request, data *T) { if err := schemaDecoder.Decode(data, r.PostForm); err != nil { log.Panic("Decoding form: ", err) } + + if withCsrf, ok := any(data).(WithCsrf); ok { + withCsrf.SetCsrfField(r) + } } |