xtablo-source/backend/templates
Arthur Belleville 389e1bc8b4
feat(02-07): gorilla/csrf integration — mount middleware, wire all forms, env-driven key
- auth.Mount(env, key) wraps csrf.Protect with locked D-14/D-24 options
- auth.LoadKeyFromEnv() reads SESSION_SECRET, hex-decodes, validates 32 bytes; fails fast on error
- ui.CSRFField(token) templ component renders hidden _csrf input
- Layout, LoginPage/Fragment, SignupPage/Fragment, Index all embed @ui.CSRFField(csrfToken)
- Handlers thread csrf.Token(r) into every page/fragment render call
- NewRouter mounts auth.Mount after ResolveSession, before all route groups (D-24)
- main.go calls auth.LoadKeyFromEnv(); logs.Fatalf on missing/invalid SESSION_SECRET
- SESSION_SECRET documented in .env.example with openssl rand -hex 32 instruction
- go.mod: gorilla/csrf v1.7.3 (direct); prior tests updated with getCSRFToken helper
- All Plan 04/05/06 tests updated to acquire and submit valid _csrf tokens
2026-05-14 22:59:06 +02:00
.gitkeep feat(01-01): create directory skeleton and per-package doc.go placeholders 2026-05-14 17:53:55 +02:00
auth_form_errors.templ feat(02-04): signup templates (full page + HTMX fragment) with render tests 2026-05-14 22:14:28 +02:00
auth_forms.go feat(02-05): login vertical slice with rate limiting 2026-05-14 22:27:54 +02:00
auth_login.templ feat(02-07): gorilla/csrf integration — mount middleware, wire all forms, env-driven key 2026-05-14 22:59:06 +02:00
auth_signup.templ feat(02-07): gorilla/csrf integration — mount middleware, wire all forms, env-driven key 2026-05-14 22:59:06 +02:00
auth_signup_test.go feat(02-07): gorilla/csrf integration — mount middleware, wire all forms, env-driven key 2026-05-14 22:59:06 +02:00
fragments.templ feat(01-03): templ layout/index/fragments + handlers + chi router 2026-05-14 19:25:43 +02:00
index.templ feat(02-07): gorilla/csrf integration — mount middleware, wire all forms, env-driven key 2026-05-14 22:59:06 +02:00
layout.templ feat(02-07): gorilla/csrf integration — mount middleware, wire all forms, env-driven key 2026-05-14 22:59:06 +02:00
layout_test.go feat(02-07): gorilla/csrf integration — mount middleware, wire all forms, env-driven key 2026-05-14 22:59:06 +02:00