upaas/templates/login.html
clawbot b1dc8fcc4e Add CSRF protection to state-changing POST endpoints
Add gorilla/csrf middleware to protect all HTML-serving routes against
cross-site request forgery attacks. The webhook endpoint is excluded
since it uses secret-based authentication.

Changes:
- Add gorilla/csrf v1.7.3 dependency
- Add CSRF() middleware method using session secret as key
- Apply CSRF middleware to all HTML route groups in routes.go
- Pass CSRF token to all templates via addGlobals helper
- Add {{ .CSRFField }} / {{ $.CSRFField }} hidden inputs to all forms

Closes #11
2026-02-15 14:17:55 -08:00

52 lines
1.6 KiB
HTML

{{template "base" .}}
{{define "title"}}Login - µPaaS{{end}}
{{define "content"}}
<div class="min-h-screen flex items-center justify-center py-12 px-4">
    <div class="max-w-md w-full">
        <div class="text-center mb-8">
            <h1 class="text-3xl font-medium text-gray-900">µPaaS</h1>
            <p class="mt-2 text-gray-600">Sign in to continue</p>
        </div>
        <div class="card p-8">
            {{template "alert-error" .}}
            <form method="POST" action="/login" class="space-y-6">
                {{ .CSRFField }}
                <div class="form-group">
                    <label for="username" class="label">Username</label>
                    <input
                        type="text"
                        id="username"
                        name="username"
                        value="{{.Username}}"
                        required
                        autofocus
                        autocomplete="username"
                        class="input"
                    >
                </div>
                <div class="form-group">
                    <label for="password" class="label">Password</label>
                    <input
                        type="password"
                        id="password"
                        name="password"
                        required
                        autocomplete="current-password"
                        class="input"
                    >
                </div>
                <button type="submit" class="btn-primary w-full py-3">
                    Sign In
                </button>
            </form>
        </div>
    </div>
</div>
{{end}}
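
Added example, not part of the repository: it shows why the value behind {{ .CSRFField }} has to be of type template.HTML (a plain string is escaped into visible text, so no token is submitted) and how a POST without a matching token is refused. hiddenField, render and post are hypothetical names, the token "tok123" is constructed, and the comparison in post is a simplified stand-in for the gorilla/csrf middleware, not its implementation.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

const fieldName = "gorilla.csrf.token" // gorilla/csrf's default form field name
var form = template.Must(template.New("login").Parse(`<form method="POST" action="/login">{{ .CSRFField }}</form>`))

// hiddenField (hypothetical helper) returns template.HTML so the input is emitted as markup.
func hiddenField(token string) template.HTML {
	return template.HTML(fmt.Sprintf(`<input type="hidden" name="%s" value="%s">`, fieldName, template.HTMLEscapeString(token)))
}

// render executes the form with whatever value the handler stored in CSRFField.
func render(field any) string {
	var b strings.Builder
	if err := form.Execute(&b, map[string]any{"CSRFField": field}); err != nil {
		return "error: " + err.Error()
	}
	return b.String()
}

// post sends a constructed login POST through a simplified token check and returns the status.
func post(sessionToken string, body url.Values) int {
	check := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := r.PostFormValue(fieldName)
		if sessionToken == "" || subtle.ConstantTimeCompare([]byte(got), []byte(sessionToken)) != 1 {
			http.Error(w, "invalid CSRF token", http.StatusForbidden)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
	req := httptest.NewRequest(http.MethodPost, "/login", strings.NewReader(body.Encode()))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	rec := httptest.NewRecorder()
	check.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(render(hiddenField("tok123")), render(string(hiddenField("tok123"))))
	fmt.Println(post("tok123", url.Values{fieldName: {"tok123"}}), post("tok123", url.Values{}))
}
```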