Exemple #1
0
func Pongo2() HandlerFunc {
	return func(c *Context) {
		c.Next()

		templateName, templateNameExists := c.Get("template")
		templateData, templateDataExists := c.Get("data")
		templateNameValue, isString := templateName.(string)

		if templateNameExists && templateDataExists && isString {
			template := pongo2.Must(pongo2.FromFile(templateNameValue))
			err := template.ExecuteWriter(getContext(templateData), c.Writer)
			if err != nil {
				http.Error(c.Writer, err.Error(), http.StatusInternalServerError)
			}
		}
	}
}
package pongo2

import (
	"bytes"

	"github.com/astaxie/beego"
	p2 "gopkg.in/flosch/pongo2.v3"
)

var xsrfTemplate = p2.Must(p2.FromString(`<input type="hidden" name="_xsrf" value="{{ _xsrf }}">`))

type tagXSRFTokenNode struct{}

func (node *tagXSRFTokenNode) Execute(ctx *p2.ExecutionContext, buffer *bytes.Buffer) *p2.Error {
	if !beego.EnableXSRF {
		return nil
	}

	xsrftoken := ctx.Public["_xsrf"]
	err := xsrfTemplate.ExecuteWriter(p2.Context{"_xsrf": xsrftoken}, buffer)
	if err != nil {
		return err.(*p2.Error)
	}
	return nil
}

// tagXSRFParser implements a {% xsrftoken %} tag that inserts <input type="hidden" name="_xsrf" value="{{ _xsrf }}">
// just like Django's {% csrftoken %}. Note that we follow Beego's convention by using "XSRF" and not "CSRF".
func tagXSRFParser(doc *p2.Parser, start *p2.Token, arguments *p2.Parser) (p2.INodeTag, *p2.Error) {
	return &tagXSRFTokenNode{}, nil
}