adyxax/tfstated
1
0
Fork 0
Code Issues 43 Pull requests Releases Packages Wiki Activity Actions

feat(webui): add csrf tokens to all forms processing code
All checks were successful
main / main (push) Successful in 1m59s
Details
main / deploy (push) Has been skipped
Details
main / publish (push) Has been skipped
Details

Browse source 
Closes #60
This commit is contained in:
Julien Dessaux 2025-05-01 08:37:28 +02:00
parent 895615ad6e
commit 5d7b540718
Signed by: adyxax
GPG key ID: F92E51B86E07177E
15 changed files with 71 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
pkg/webui/settings.go
View file

@ -16,7 +16,7 @@ type SettingsPage struct {
var settingsTemplates = template.Must(template.ParseFS(htmlFS, "html/base.html", "html/settings.html"))
func handleSettingsGET(db *database.DB) http.Handler {
func handleSettingsGET() http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
render(w, settingsTemplates, http.StatusOK, SettingsPage{
Page: makePage(r, &Page{Title: "Settings", Section: "settings"}),
@ -30,6 +30,9 @@ func handleSettingsPOST(db *database.DB) http.Handler {
errorResponse(w, r, http.StatusBadRequest, err)
return
}
if !verifyCSRFToken(w, r) {
return
}
darkMode := r.FormValue("dark-mode")
settings := model.Settings{
LightMode: darkMode != "1",