v0.23.0 — CSRF protection on all browser-facing POST endpoints

Controller:
- internal/web/csrf.go (new): CsrfProtect middleware, csrfToken/csrfField helpers
- auth.go: per-session CSRF token (csrfToken field, csrfTokenForSession method)
- server.go: executeTemplate wrapper auto-injects CSRFField+CSRFToken
- main.go: wire CsrfProtect on all routes; bump to v0.23.0
- handlers.go, storage_handlers.go, handler_restore.go: executeTemplate
- All templates: CSRFField in forms, meta csrf-token, csrfHeaders() JS helper,
  fetch calls updated; sendBeacon→fetch+keepalive in storage_attach.html

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-21 16:38:56 +01:00
parent ade01470d0
commit 02650e3202
20 changed files with 1143 additions and 75 deletions
+4 -4
@@ -144,7 +144,7 @@ func (s *Server) currentDiskJob() *activeDiskJob {
// storageInitHandler serves the storage init wizard page.
func (s *Server) storageInitHandler(w http.ResponseWriter, r *http.Request) {
data := s.baseData("settings", "Meghajtó inicializálása")
s.render(w, "storage_init", data)
s.executeTemplate(w, r, "storage_init", data)
}
// storageAPIHandler is the main handler for /api/storage/* routes.
@@ -415,7 +415,7 @@ func (s *Server) migratePageHandler(w http.ResponseWriter, r *http.Request, stac
data["CurrentLabel"] = currentLabel
data["OtherPaths"] = otherPaths
data["DataSizeHuman"] = totalSizeHuman
s.render(w, "migrate", data)
s.executeTemplate(w, r, "migrate", data)
}
// storageMigrateAPIHandler handles POST /api/storage/migrate — starts migration job.
@@ -892,7 +892,7 @@ func (s *Server) staleDataCleanupHandler(w http.ResponseWriter, r *http.Request)
// storageAttachHandler serves the attach wizard page.
func (s *Server) storageAttachHandler(w http.ResponseWriter, r *http.Request) {
data := s.baseData("settings", "Meglévő meghajtó csatolása")
s.render(w, "storage_attach", data)
s.executeTemplate(w, r, "storage_attach", data)
}
// storageAttachMountRawHandler handles POST /api/storage/attach/mount-raw.
@@ -1362,7 +1362,7 @@ func (s *Server) migrateDrivePageHandler(w http.ResponseWriter, r *http.Request)
}
data["Tier2Impact"] = tier2Impact
s.render(w, "migrate_drive", data)
s.executeTemplate(w, r, "migrate_drive", data)
}
// driveMigrateAPIHandler handles POST /api/storage/migrate-drive — starts drive migration.
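Review bot: The switch from `s.render(w, …)` to `s.executeTemplate(w, r, …)` is what puts CSRFField/CSRFToken into these four wizard pages, but nothing in this file stops the next page handler from calling `s.render` again and shipping a form whose POST will then be rejected by CsrfProtect; if `s.render` still exists in server.go (not visible in this hunk), have it delegate to executeTemplate or delete it so the omission fails at compile time. These pages (storage_init, migrate, storage_attach, migrate_drive) now embed a per-session token in the HTML, so the response should carry `Cache-Control: no-store` — better done once inside executeTemplate than per handler; worth confirming in server.go. What executeTemplate does when the request has no valid session (empty token versus redirect to login) is also not visible here and decides whether an unauthenticated GET renders a form that can never be submitted.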