mirror of
https://github.com/alecthomas/chroma.git
synced 2025-03-17 20:58:08 +02:00
Add CSRF support to chromad.
This commit is contained in:
parent
7a7fde259b
commit
2332264124
@ -9,6 +9,8 @@ import (
|
||||
|
||||
rice "github.com/GeertJohan/go.rice"
|
||||
"github.com/alecthomas/kong"
|
||||
"github.com/alecthomas/kong-hcl"
|
||||
"github.com/gorilla/csrf"
|
||||
"github.com/gorilla/mux"
|
||||
|
||||
"github.com/alecthomas/chroma"
|
||||
@ -24,10 +26,6 @@ var (
|
||||
htmlTemplate = template.Must(template.New("html").Parse(templateFiles.MustString("index.html.tmpl")))
|
||||
)
|
||||
|
||||
var cli struct {
|
||||
Bind string `help:"HTTP bind address." default:"127.0.0.1:8080"`
|
||||
}
|
||||
|
||||
type context struct {
|
||||
Background template.CSS
|
||||
SelectedLanguage string
|
||||
@ -37,6 +35,7 @@ type context struct {
|
||||
Text string
|
||||
HTML template.HTML
|
||||
Error string
|
||||
CSRFField template.HTML
|
||||
}
|
||||
|
||||
func handler(w http.ResponseWriter, r *http.Request) {
|
||||
@ -84,6 +83,7 @@ func contextFromRequest(r *http.Request) context {
|
||||
SelectedLanguage: r.Form.Get("language"),
|
||||
SelectedStyle: r.Form.Get("style"),
|
||||
Text: r.Form.Get("text"),
|
||||
CSRFField: csrf.TemplateField(r),
|
||||
}
|
||||
if err != nil {
|
||||
ctx.Error = err.Error()
|
||||
@ -104,13 +104,25 @@ func contextFromRequest(r *http.Request) context {
|
||||
}
|
||||
|
||||
func main() {
|
||||
ctx := kong.Parse(&cli)
|
||||
var cli struct {
|
||||
Config kong.ConfigFlag `help:"Load configuration." placeholder:"FILE"`
|
||||
Bind string `help:"HTTP bind address." default:"127.0.0.1:8080"`
|
||||
CSRFKey string `help:"CSRF key." default:""`
|
||||
}
|
||||
ctx := kong.Parse(&cli, kong.Configuration(konghcl.Loader))
|
||||
|
||||
log.Println("Starting")
|
||||
|
||||
router := mux.NewRouter()
|
||||
router.Handle("/", http.HandlerFunc(handler))
|
||||
router.Handle("/static/{file:.*}", http.StripPrefix("/static/", http.FileServer(staticFiles.HTTPBox())))
|
||||
|
||||
err := http.ListenAndServe(cli.Bind, router)
|
||||
options := []csrf.Option{}
|
||||
if cli.CSRFKey == "" {
|
||||
options = append(options, csrf.Secure(false))
|
||||
}
|
||||
CSRF := csrf.Protect([]byte(cli.CSRFKey), options...)
|
||||
|
||||
err := http.ListenAndServe(cli.Bind, CSRF(router))
|
||||
ctx.FatalIfErrorf(err)
|
||||
}
|
||||
|
@ -25,6 +25,7 @@
|
||||
<h1 class="title">Chroma Playground</h1>
|
||||
|
||||
<form id="chroma" method="post">
|
||||
{{ .CSRFField }}
|
||||
<div class="columns">
|
||||
<div class="column field">
|
||||
<label class="label">Language</label>
|
||||
|
2
go.mod
2
go.mod
@ -5,9 +5,11 @@ require (
|
||||
github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38
|
||||
github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721 // indirect
|
||||
github.com/alecthomas/kong v0.1.15
|
||||
github.com/alecthomas/kong-hcl v0.1.7
|
||||
github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897 // indirect
|
||||
github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964
|
||||
github.com/dlclark/regexp2 v1.1.6
|
||||
github.com/gorilla/csrf v1.6.0
|
||||
github.com/gorilla/mux v1.7.3
|
||||
github.com/mattn/go-colorable v0.0.9
|
||||
github.com/mattn/go-isatty v0.0.4
|
||||
|
11
go.sum
11
go.sum
@ -6,8 +6,11 @@ github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm
|
||||
github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI=
|
||||
github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721 h1:JHZL0hZKJ1VENNfmXvHbgYlbUOvpzYzvy2aZU5gXVeo=
|
||||
github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721/go.mod h1:QO9JBoKquHd+jz9nshCh40fOfO+JzsoXy8qTHF68zU0=
|
||||
github.com/alecthomas/kong v0.1.13/go.mod h1:0m2VYms8rH0qbCqVB2gvGHk74bqLIq0HXjCs5bNbNQU=
|
||||
github.com/alecthomas/kong v0.1.15 h1:IWBg+KrLvoHBicD50OzMI8fKjrtAa1okMR9g38HVM/s=
|
||||
github.com/alecthomas/kong v0.1.15/go.mod h1:0m2VYms8rH0qbCqVB2gvGHk74bqLIq0HXjCs5bNbNQU=
|
||||
github.com/alecthomas/kong-hcl v0.1.7 h1:BhqAe2mE/cBq7Plnb218eTonsp4KcXf0BZCu3bO3qxg=
|
||||
github.com/alecthomas/kong-hcl v0.1.7/go.mod h1:+diJg0tzfMUY/5uDo0dlb7uThhVpWr59PuYkdtRJbms=
|
||||
github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897 h1:p9Sln00KOTlrYkxI1zYWl1QLnEqAqEARBEYa8FQnQcY=
|
||||
github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897/go.mod h1:xTS7Pm1pD1mvyM075QCDSRqH6qRLXylzS24ZTpRiSzQ=
|
||||
github.com/daaku/go.zipexe v1.0.0 h1:VSOgZtH418pH9L16hC/JrgSNJbbAL26pj7lmD1+CGdY=
|
||||
@ -19,14 +22,22 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/dlclark/regexp2 v1.1.6 h1:CqB4MjHw0MFCDj+PHHjiESmHX+N7t0tJzKvC6M97BRg=
|
||||
github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
|
||||
github.com/gorilla/csrf v1.6.0 h1:60oN1cFdncCE8tjwQ3QEkFND5k37lQPcRjnlvm7CIJ0=
|
||||
github.com/gorilla/csrf v1.6.0/go.mod h1:7tSf8kmjNYr7IWDCYhd3U8Ck34iQ/Yw5CJu7bAkHEGI=
|
||||
github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
|
||||
github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
|
||||
github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
|
||||
github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
|
||||
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
|
||||
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
|
||||
github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4=
|
||||
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
|
||||
github.com/mattn/go-isatty v0.0.4 h1:bnP0vzxcAdeI1zdubAl5PjU6zsERjGZb7raWodagDYs=
|
||||
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
|
||||
github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E=
|
||||
github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
|
||||
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
|
||||
|
Loading…
x
Reference in New Issue
Block a user