
Add CSRF support to chromad.

This commit is contained in:
Alec Thomas 2019-07-16 16:05:37 +10:00
parent 7a7fde259b
commit 2332264124
4 changed files with 32 additions and 6 deletions


@ -9,6 +9,8 @@ import (
rice "github.com/GeertJohan/go.rice"
"github.com/alecthomas/kong"
"github.com/alecthomas/kong-hcl"
"github.com/gorilla/csrf"
"github.com/gorilla/mux"
"github.com/alecthomas/chroma"
@ -24,10 +26,6 @@ var (
htmlTemplate = template.Must(template.New("html").Parse(templateFiles.MustString("index.html.tmpl")))
)
var cli struct {
Bind string `help:"HTTP bind address." default:"127.0.0.1:8080"`
}
type context struct {
Background template.CSS
SelectedLanguage string
@ -37,6 +35,7 @@ type context struct {
Text string
HTML template.HTML
Error string
CSRFField template.HTML
}
func handler(w http.ResponseWriter, r *http.Request) {
@ -84,6 +83,7 @@ func contextFromRequest(r *http.Request) context {
SelectedLanguage: r.Form.Get("language"),
SelectedStyle: r.Form.Get("style"),
Text: r.Form.Get("text"),
CSRFField: csrf.TemplateField(r),
}
if err != nil {
ctx.Error = err.Error()
@ -104,13 +104,25 @@ func contextFromRequest(r *http.Request) context {
}
func main() {
ctx := kong.Parse(&cli)
var cli struct {
Config kong.ConfigFlag `help:"Load configuration." placeholder:"FILE"`
Bind string `help:"HTTP bind address." default:"127.0.0.1:8080"`
CSRFKey string `help:"CSRF key." default:""`
}
ctx := kong.Parse(&cli, kong.Configuration(konghcl.Loader))
log.Println("Starting")
router := mux.NewRouter()
router.Handle("/", http.HandlerFunc(handler))
router.Handle("/static/{file:.*}", http.StripPrefix("/static/", http.FileServer(staticFiles.HTTPBox())))
err := http.ListenAndServe(cli.Bind, router)
options := []csrf.Option{}
if cli.CSRFKey == "" {
options = append(options, csrf.Secure(false))
}
CSRF := csrf.Protect([]byte(cli.CSRFKey), options...)
err := http.ListenAndServe(cli.Bind, CSRF(router))
ctx.FatalIfErrorf(err)
}
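Review bot: The empty default for `--csrf-key` (line 53) is passed straight into `csrf.Protect([]byte(cli.CSRFKey), options...)` on line 65, so when no key is configured the token/cookie MAC is effectively unkeyed and offers no real forgery resistance; the check on line 62 only drops the cookie's Secure flag, it does not refuse or replace the empty key, so a deployment that forgets the flag silently runs with weak CSRF tokens and a cookie that is also sent over plain HTTP. I'd generate a random 32-byte key with crypto/rand when none is configured (gorilla/csrf documents a 32-byte key) and make the Secure flag an explicit development option rather than inferring it from the key, which needs `"crypto/rand"` added to the imports. The key is also taken from a command-line flag, where it is visible in the process list; the kong-hcl config file added on line 51 is the better place to supply it, and the help text could say so.

```go
	var cli struct {
		// … unchanged: Config, Bind …
		CSRFKey      string `help:"CSRF key (32 bytes); a random per-process key is used if empty." default:""`
		CSRFInsecure bool   `help:"Send the CSRF cookie without the Secure flag (development only)."`
	}
	// … unchanged: kong.Parse, router setup …
	key := []byte(cli.CSRFKey)
	if len(key) == 0 {
		// No key configured: use a random per-process key so tokens remain
		// unforgeable (they simply do not survive a restart).
		key = make([]byte, 32)
		_, err := rand.Read(key)
		ctx.FatalIfErrorf(err)
	}
	options := []csrf.Option{}
	if cli.CSRFInsecure {
		options = append(options, csrf.Secure(false))
	}
	CSRF := csrf.Protect(key, options...)
	// … unchanged: ListenAndServe …
```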


@ -25,6 +25,7 @@
<h1 class="title">Chroma Playground</h1>
<form id="chroma" method="post">
{{ .CSRFField }}
<div class="columns">
<div class="column field">
<label class="label">Language</label>

2
go.mod

@ -5,9 +5,11 @@ require (
github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38
github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721 // indirect
github.com/alecthomas/kong v0.1.15
github.com/alecthomas/kong-hcl v0.1.7
github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897 // indirect
github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964
github.com/dlclark/regexp2 v1.1.6
github.com/gorilla/csrf v1.6.0
github.com/gorilla/mux v1.7.3
github.com/mattn/go-colorable v0.0.9
github.com/mattn/go-isatty v0.0.4

11
go.sum

@ -6,8 +6,11 @@ github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm
github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI=
github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721 h1:JHZL0hZKJ1VENNfmXvHbgYlbUOvpzYzvy2aZU5gXVeo=
github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721/go.mod h1:QO9JBoKquHd+jz9nshCh40fOfO+JzsoXy8qTHF68zU0=
github.com/alecthomas/kong v0.1.13/go.mod h1:0m2VYms8rH0qbCqVB2gvGHk74bqLIq0HXjCs5bNbNQU=
github.com/alecthomas/kong v0.1.15 h1:IWBg+KrLvoHBicD50OzMI8fKjrtAa1okMR9g38HVM/s=
github.com/alecthomas/kong v0.1.15/go.mod h1:0m2VYms8rH0qbCqVB2gvGHk74bqLIq0HXjCs5bNbNQU=
github.com/alecthomas/kong-hcl v0.1.7 h1:BhqAe2mE/cBq7Plnb218eTonsp4KcXf0BZCu3bO3qxg=
github.com/alecthomas/kong-hcl v0.1.7/go.mod h1:+diJg0tzfMUY/5uDo0dlb7uThhVpWr59PuYkdtRJbms=
github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897 h1:p9Sln00KOTlrYkxI1zYWl1QLnEqAqEARBEYa8FQnQcY=
github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897/go.mod h1:xTS7Pm1pD1mvyM075QCDSRqH6qRLXylzS24ZTpRiSzQ=
github.com/daaku/go.zipexe v1.0.0 h1:VSOgZtH418pH9L16hC/JrgSNJbbAL26pj7lmD1+CGdY=
@ -19,14 +22,22 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dlclark/regexp2 v1.1.6 h1:CqB4MjHw0MFCDj+PHHjiESmHX+N7t0tJzKvC6M97BRg=
github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
github.com/gorilla/csrf v1.6.0 h1:60oN1cFdncCE8tjwQ3QEkFND5k37lQPcRjnlvm7CIJ0=
github.com/gorilla/csrf v1.6.0/go.mod h1:7tSf8kmjNYr7IWDCYhd3U8Ck34iQ/Yw5CJu7bAkHEGI=
github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-isatty v0.0.4 h1:bnP0vzxcAdeI1zdubAl5PjU6zsERjGZb7raWodagDYs=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E=
github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=