Add gorilla/csrf middleware to protect all HTML-serving routes against
cross-site request forgery attacks. The webhook endpoint is excluded
since it uses secret-based authentication.
Changes:
- Add gorilla/csrf v1.7.3 dependency
- Add CSRF() middleware method using session secret as key
- Apply CSRF middleware to all HTML route groups in routes.go
- Pass CSRF token to all templates via addGlobals helper
- Add {{ .CSRFField }} / {{ $.CSRFField }} hidden inputs to all forms
Closes #11
71 lines
2.4 KiB
HTML
{{template "base" .}}

{{define "title"}}Setup - µPaaS{{end}}

{{define "content"}}
<div class="min-h-screen flex items-center justify-center py-12 px-4">
<div class="max-w-md w-full">
<div class="text-center mb-8">
<h1 class="text-3xl font-medium text-gray-900">Welcome to µPaaS</h1>
<p class="mt-2 text-gray-600">Create your admin account to get started</p>
</div>

<div class="card p-8">
{{template "alert-error" .}}

<form method="POST" action="/setup" class="space-y-6">
{{ .CSRFField }}
<div class="form-group">
<label for="username" class="label">Username</label>
<input
type="text"
id="username"
name="username"
value="{{.Username}}"
required
autofocus
autocomplete="username"
class="input"
placeholder="admin"
>
</div>

<div class="form-group">
<label for="password" class="label">Password</label>
<input
type="password"
id="password"
name="password"
required
autocomplete="new-password"
class="input"
placeholder="Minimum 8 characters"
>
</div>

<div class="form-group">
<label for="password_confirm" class="label">Confirm Password</label>
<input
type="password"
id="password_confirm"
name="password_confirm"
required
autocomplete="new-password"
class="input"
placeholder="Repeat your password"
>
</div>

<button type="submit" class="btn-primary w-full py-3">
Create Account
</button>
</form>
</div>

<p class="mt-6 text-center text-sm text-gray-500">
This is a single-user system. This account will be the only admin.
</p>
</div>
</div>
{{end}}
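Review bot: Keying gorilla/csrf with the session secret (per the commit message, "CSRF() middleware method using session secret as key") reuses one secret for two purposes, so a leak or rotation of either the session store key or the CSRF key now affects both; prefer a dedicated 32-byte CSRF key, or derive one from the session secret with a KDF rather than passing it through directly. Separately, this form is served before any account or session exists (`action="/setup"`, "Create your admin account to get started"), so confirm that the GET /setup route sits behind the same CSRF middleware as the POST: the middleware issues its cookie on the GET, and if only the POST is wrapped the very first admin submission will be rejected with a 403 and the `{{template "alert-error" .}}` block will never explain why.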