From 42795c6cef3b2a710b13bf0d90436b0e4c90461a Mon Sep 17 00:00:00 2001
From: Dan Ballard
Date: Thu, 19 Nov 2015 20:00:33 -0800
Subject: [PATCH] finish csrf and gorilla mux port work
---
 js/funcs.js | 12 ++++++------
 route_handlers.go | 19 ++++++++-----------
 templates/pages/categories.html | 10 ++++++----
 templates/pages/news.html | 10 +++++++---
 4 files changed, 27 insertions(+), 24 deletions(-)
diff --git a/js/funcs.js b/js/funcs.js
index 09943a0..ee35f1b 100644
--- a/js/funcs.js
+++ b/js/funcs.js
@@ -28,17 +28,17 @@ $(document).ready( function () {
 $('.cat-delete').confirm({
 text: "Are you sure you want to delete this category?",
- title: "Confirmation required",
- confirmButton: "Yes",
- cancelButton: "No",
+ title: "Delete confrimation",
+ confirm: function(form) {
+ console.log("fooo");
+ form.submit();
+ }
 });
 $(".confirm-news-delete").confirm({
 "text": "Delete news item?",
 "title": "Delete confirmation",
- confirmButton: "Yes",
- cancelButton: "No",
- "confirm": function(form) {
+ confirm: function(form) {
 form.submit();
 }
 });
diff --git a/route_handlers.go b/route_handlers.go
index 393847b..885fdfb 100644
--- a/route_handlers.go
+++ b/route_handlers.go
@@ -188,7 +188,7 @@ func editFormHandler(w http.ResponseWriter, r *http.Request, user *user.User, se
 flashes := GetFlashes(session)
- id, idErr := strconv.Atoi(r.FormValue("id"))
+ id, idErr := strconv.Atoi(mux.Vars(r)["id"])
 if idErr != nil {
 session.AddFlash("Could not understand news id", flash_err)
 session.Save(r, w)
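Review bot: The new `confirm` callback for `.cat-delete` ships a leftover debug statement, `console.log("fooo");`, and the dialog title is misspelled as `"Delete confrimation"`. Drop the log line and use `title: "Delete confirmation",` so it matches the `.confirm-news-delete` dialog in the same hunk. The commit also removes `confirmButton`/`cancelButton` from both dialogs, so the button labels presumably fall back to the plugin defaults; a one-line comment saying that is intended would help. The enclosing `$(document).ready` handler starts and ends outside this hunk.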
@@ -210,15 +210,15 @@ func editFormHandler(w http.ResponseWriter, r *http.Request, user *user.User, se
 }
 func editPostHandler(w http.ResponseWriter, r *http.Request, user *user.User, session *sessions.Session) {
- news_id, err := strconv.Atoi(r.FormValue("id"))
- if err != nil {
+ id, idErr := strconv.Atoi(mux.Vars(r)["id"])
+ if idErr != nil {
 session.AddFlash("Error trying to save news item", flash_err)
 session.Save(r, w)
 http.Redirect(w, r, "/news", http.StatusFound)
 return
 }
- news, err := news.Get(db, news_id)
+ news, err := news.Get(db, id)
 if err != nil {
 fmt.Println("Error trying to edit news item that doesn't exist")
 session.AddFlash("Error trying to save news item", flash_err)
@@ -335,7 +335,7 @@ func categoryFromReqArg(arg string) *categories.Category {
 func categoryChangeParentHandler(w http.ResponseWriter, r *http.Request, user *user.User, session *sessions.Session) {
 categories.LoadCategories(db)
- category := categoryFromReqArg(r.FormValue("cid"))
+ category := categoryFromReqArg(mux.Vars(r)["id"])
 parent := categoryFromReqArg(r.FormValue("parent"))
 if category == nil {
@@ -378,7 +378,7 @@ func categoryAddHandler(w http.ResponseWriter, r *http.Request, user *user.User,
 }
 func categoryDeleteHandler(w http.ResponseWriter, r *http.Request, user *user.User, session *sessions.Session) {
- id, idErr := strconv.Atoi(r.FormValue("id"))
+ id, idErr := strconv.Atoi(mux.Vars(r)["id"])
 if idErr != nil {
 session.AddFlash("Invalid category to delete", flash_err)
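Review bot: In `editPostHandler` the added line `news, err := news.Get(db, id)` declares a local called `news` that shadows the `news` identifier it calls (presumably the imported package) for the rest of the function. A different name, e.g. `item, err := news.Get(db, id)`, avoids that; the later uses of the variable are outside this hunk and would need the same rename. The handler receives `user`, but the visible lines load the record by the URL id alone, so if news items are meant to be per-user, confirm that the rest of the function checks ownership before saving. The same question applies to the `categoryChangeParentHandler` and `categoryDeleteHandler` hunks, which also act on an id taken from the path.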
@@ -447,19 +447,16 @@ func init_route_handlers() *mux.Router {
 rGet.HandleFunc("/news/added", userHandler(addedHandler))
- // TODO to post and {id}
 rPost.HandleFunc("/news/{id:[0-9]+}/delete", userHandler(deleteHandler))
- // TODO post {id} ?
 rGet.HandleFunc("/news/{id:[0-9]+}/edit", userHandler(editFormHandler))
 rPost.HandleFunc("/news/{id:[0-9]+}/edit", userHandler(editPostHandler))
 rGet.HandleFunc("/categories", userHandler(categoriesFormHandler))
 rPost.HandleFunc("/caegories", userHandler(categoriesPostHandler))
- // TODO post, add {id}
- rPost.HandleFunc("/categories/change-parent", userHandler(categoryChangeParentHandler))
+ rPost.HandleFunc("/categories/{id:[0-9]+}/change-parent", userHandler(categoryChangeParentHandler))
 rPost.HandleFunc("/categories/add", userHandler(categoryAddHandler))
- rPost.HandleFunc("/categories/delete", userHandler(categoryDeleteHandler))
+ rPost.HandleFunc("/categories/{id:[0-9]+}/delete", userHandler(categoryDeleteHandler))
 return r
 }
diff --git a/templates/pages/categories.html b/templates/pages/categories.html
index 8e08862..ee01074 100644
--- a/templates/pages/categories.html
+++ b/templates/pages/categories.html
@@ -2,7 +2,7 @@
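Review bot: The context line `rPost.HandleFunc("/caegories", userHandler(categoriesPostHandler))` registers a misspelled path, so a POST to `/categories` will not reach `categoriesPostHandler`; this commit edits the neighbouring routes but leaves it unchanged. It should read `rPost.HandleFunc("/categories", userHandler(categoriesPostHandler))`. The delete and change-parent routes now depend on being POST-only for the CSRF token to protect them. Confirm where `rPost` is restricted to POST and where the CSRF middleware wraps the router, since both are set up outside this hunk.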

Categories

{{template "flashes" .}} {{range $category := .categories}}
- {{template "row-category" dict "category" $category "categories" $.categories}}
+ {{template "row-category" dict "category" $category "categories" $.categories "csrfField" $.csrfField}}
 {{end}}
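Review bot: The `row-category` partial now needs `csrfField` passed explicitly in every `dict` call, and nothing in the template records that requirement; a call site that omits it would render its form without a token. Add a template comment at the top of the definition (which lies outside this hunk), such as `{{/* row-category expects dict keys: category, categories, csrfField */}}`. The same applies to the recursive `row-category` call in the later hunk of this file and to `row-news` in templates/pages/news.html. The handlers that place `csrfField` in the page data are not part of this diff, so check that every handler rendering these pages sets it.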
@@ -34,10 +34,12 @@ new category select {{.category.Name}}
- delete +
{{ $.csrfField }} + +
-
+ {{ .csrfField }} {{if $.category.Parent.Valid }} {{template "select-category" dict "categories" .categories "id" $.category.Parent.Value}}
@@ -49,7 +51,7 @@ new category select
{{range $child := .category.Children}}
- {{template "row-category" dict "category" $child "categories" $.categories}}
+ {{template "row-category" dict "category" $child "categories" $.categories "csrfField" $.csrfField}}
 {{end}} {{end}}
diff --git a/templates/pages/news.html b/templates/pages/news.html
index 90c888b..84acb9b 100644
--- a/templates/pages/news.html
+++ b/templates/pages/news.html
@@ -14,7 +14,7 @@
{{range $news_post := .news}}
- {{template "row-news" dict "post" $news_post "categories" $.categories}}
+ {{template "row-news" dict "post" $news_post "categories" $.categories "csrfField" $.csrfField}}
 {{end}}
@@ -39,12 +39,16 @@
{{truncate .post.Url 100}}
-
Edit
+
Edit
 
{{truncate .post.Notes 500}}
-
{{ .csrfField }}
+
+
{{ .csrfField }} + +
+
{{end}}