
Commit 224598f

authored
Merge pull request #17 from ockibagusp/test-without-csrf
Test without csrf
2 parents 5fd45b8 + 23495d7 commit 224598f

18 files changed

+184
-218
lines changed

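--- a/.gitignore
+++ b/.gitignore
@@ -8,5 +8,6 @@ golang-website-example
 golang-website-example.exe
 
 # air
+bin
 .air.toml
 tmp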

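--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ Golang Echo and html template.
 
 
 - [x] Website is ok
-- [ ] **Test failed: All from Session and CSRF.**
+- [ ] **Test failed: All from Session.**
 
 
 ### Visual Studio Code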

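--- a/controllers/home_controller.go
+++ b/controllers/home_controller.go
@@ -32,7 +32,7 @@ func (controller Controller) Home(c echo.Context) error {
 var user models.User
 if err := controller.DB.Select("name").Where(
 "username = ?", session.Values["username"],
-).First(&user); err.Error != nil { // TODO: why?
+).First(&user); err.Error != nil { // why?
 log.Warnf(`session values "username" error: %v`, err.Error)
 }
 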

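--- a/controllers/user_controller.go
+++ b/controllers/user_controller.go
@@ -29,6 +29,11 @@ func (controller *Controller) Users(c echo.Context) error {
 })
 log.Info("START request method GET for users")
 
+log.Println(session.ID)
+log.Println(session.IsNew)
+log.Println(session.Options)
+log.Println(session.Values)
+
 is_auth_type := session.Values["is_auth_type"]
 if is_auth_type == -1 {
 log.Warn("for GET to users without no-session [@route: /login]")
@@ -149,7 +154,7 @@ func (controller *Controller) CreateUser(c echo.Context) error {
 }
 
 // userForm: type of a user
-_userForm := types.UserForm{
+userForm := types.UserForm{
 Username: c.FormValue("username"),
 Email: c.FormValue("email"),
 Password: c.FormValue("password"),
@@ -159,19 +164,19 @@ func (controller *Controller) CreateUser(c echo.Context) error {
 Photo: c.FormValue("photo"),
 }
 
-// _userForm: Validate of a validate user
+// userForm: Validate of a validate user
 err := validation.Errors{
 "username": validation.Validate(
-_userForm.Username, validation.Required, validation.Length(4, 15),
+userForm.Username, validation.Required, validation.Length(4, 15),
 ),
-"email": validation.Validate(_userForm.Email, validation.Required, is.Email),
+"email": validation.Validate(userForm.Email, validation.Required, is.EmailFormat),
 "password": validation.Validate(
-_userForm.Password, validation.Required, validation.Length(6, 18),
-validation.By(types.PasswordEquals(_userForm.ConfirmPassword)),
+userForm.Password, validation.Required, validation.Length(6, 18),
+validation.By(types.PasswordEquals(userForm.ConfirmPassword)),
 ),
-"name": validation.Validate(_userForm.Name, validation.Required),
-"city": validation.Validate(_userForm.City),
-"photo": validation.Validate(_userForm.Photo),
+"name": validation.Validate(userForm.Name, validation.Required),
+"city": validation.Validate(userForm.City),
+"photo": validation.Validate(userForm.Photo),
 }.Filter()
 /* if err = validation.Errors{...}.Filter(); err != nil {
 ...
@@ -196,20 +201,20 @@ func (controller *Controller) CreateUser(c echo.Context) error {
 }
 
 // Password Hash
-hash, err := middleware.PasswordHash(_userForm.Password)
+hash, err := middleware.PasswordHash(userForm.Password)
 if err != nil {
 log.Warnf("for POST to create user without middleware.PasswordHash error: `%v`", err)
 log.Warn("END request method POST for create user: [-]failure")
 return err
 }
 
 user := models.User{
-Username: _userForm.Username,
-Email: _userForm.Email,
+Username: userForm.Username,
+Email: userForm.Email,
 Password: hash,
-Name: _userForm.Name,
-City: _userForm.City,
-Photo: _userForm.Photo,
+Name: userForm.Name,
+City: userForm.City,
+Photo: userForm.Photo,
 }
 
 // _, err := user.Save(...): be able
@@ -403,9 +408,9 @@ func (controller *Controller) UpdateUser(c echo.Context) error {
 Email: c.FormValue("email"),
 Name: c.FormValue("name"),
 City: city,
-// TODO: photo
+// TODO: photo, insyaallah
 Photo: "",
-// TODO: is admin
+// TODO: is admin, insyaallah
 IsAdmin: 0,
 }
 
@@ -666,9 +671,12 @@ func (controller *Controller) DeleteUser(c echo.Context) error {
 for example:
 username ockibagusp delete 'ockibagusp': ok
 username ockibagusp delete 'sugriwa': no
+
+insyaallah
 */
+oldUsername := session.Values["username"]
 _, err = models.User{}.FirstByIDAndUsername(
-controller.DB, id, session.Values["username"].(string),
+controller.DB, id, oldUsername.(string),
 )
 
 if !middleware.IsAdmin(is_auth_type) {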
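Review bot: The four calls added at the top of `Users` (`log.Println(session.ID)`, `session.IsNew`, `session.Options`, `session.Values`) write the whole session to the application log on every GET of the user list. That includes the `username` and `is_auth_type` values the handlers read from it and, if a server-side session store is in use, an identifier that works as a bearer credential for anyone who can read the logs. They look like test-debugging output; I would drop them before merge, or keep one debug-level line limited to non-secret fields, e.g. `log.Debugf("users: session new=%v", session.IsNew)`. Separately, in the `DeleteUser` hunk `oldUsername.(string)` is still an unchecked type assertion that panics when the session carries no string `username`; the comma-ok form `oldUsername, ok := session.Values["username"].(string)` with an early return on `!ok` avoids that. Both function bodies start and end outside their hunks, so any later handling is not visible here.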

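--- a/go.mod
+++ b/go.mod
@@ -1,34 +1,57 @@
 module github.com/ockibagusp/golang-website-example
 
-go 1.14
+go 1.18
 
 require (
+github.com/gavv/httpexpect/v2 v2.3.1
+github.com/go-ozzo/ozzo-validation/v4 v4.3.0
+github.com/gorilla/sessions v1.2.1
+github.com/labstack/echo-contrib v0.11.0
+github.com/labstack/echo/v4 v4.6.1
+github.com/sirupsen/logrus v1.8.1
+github.com/stretchr/testify v1.7.0
+github.com/tkanos/gonfig v0.0.0-20210106201359-53e13348de2f
+golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871
+gorm.io/driver/mysql v1.2.0
+gorm.io/gorm v1.22.3
+)
+
+require (
+github.com/ajg/form v1.5.1 // indirect
 github.com/andybalholm/brotli v1.0.4 // indirect
+github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/fatih/structs v1.1.0 // indirect
-github.com/gavv/httpexpect/v2 v2.3.1
 github.com/ghodss/yaml v1.0.0 // indirect
-github.com/go-ozzo/ozzo-validation/v4 v4.3.0
+github.com/go-sql-driver/mysql v1.6.0 // indirect
+github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 github.com/google/go-querystring v1.1.0 // indirect
-github.com/gorilla/sessions v1.2.1
+github.com/gorilla/context v1.1.1 // indirect
+github.com/gorilla/securecookie v1.1.1 // indirect
+github.com/gorilla/websocket v1.4.2 // indirect
 github.com/imkira/go-interpol v1.1.0 // indirect
+github.com/jinzhu/inflection v1.0.0 // indirect
+github.com/jinzhu/now v1.1.2 // indirect
 github.com/klauspost/compress v1.13.6 // indirect
-github.com/labstack/echo-contrib v0.11.0
-github.com/labstack/echo/v4 v4.6.1
 github.com/labstack/gommon v0.3.1 // indirect
 github.com/mattn/go-colorable v0.1.11 // indirect
+github.com/mattn/go-isatty v0.0.14 // indirect
+github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/sergi/go-diff v1.2.0 // indirect
-github.com/sirupsen/logrus v1.8.1
-github.com/stretchr/testify v1.7.0
-github.com/tkanos/gonfig v0.0.0-20210106201359-53e13348de2f
+github.com/valyala/bytebufferpool v1.0.0 // indirect
 github.com/valyala/fasthttp v1.31.0 // indirect
+github.com/valyala/fasttemplate v1.2.1 // indirect
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 github.com/xeipuuv/gojsonschema v1.2.0 // indirect
-golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871
+github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 // indirect
+github.com/yudai/gojsondiff v1.0.0 // indirect
+github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect
 golang.org/x/net v0.0.0-20211205041911-012df41ee64c // indirect
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
+golang.org/x/text v0.3.7 // indirect
 golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
-gorm.io/driver/mysql v1.2.0
-gorm.io/gorm v1.22.3
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+moul.io/http2curl v1.0.1-0.20190925090545-5cd742060b0e // indirect
 )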
