josephspurrier / gowebapp

Basic MVC Web Application in Go
MIT License

Your token expired, click here to try again. #33

Closed k0fi closed 6 years ago

k0fi commented 6 years ago

Hello, Joseph,

I'm trying to make a file upload form, but get this annoying error and hope you can help to resolve it:

Your token expired, click here to try again.

And when I try again, I still get the same error.

routes:

    r.GET("/upload/photo/", hr.Handler(alice.
        New(acl.DisallowAnon).
        ThenFunc(controller.UploadPhotoGET)))

    r.POST("/upload/photo/", hr.Handler(alice.
        New(acl.DisallowAnon).
        ThenFunc(controller.UploadPhotoPOST)))

controllers:

    func UploadPhotoGET(w http.ResponseWriter, r *http.Request) {
        sess := session.Instance(r)

        // Display the view
        v := view.New(r)
        v.Name = "article/upload"
        v.Vars["token"] = csrfbanana.Token(w, r, sess)
        v.Render(w)
    }

    func UploadPhotoPOST(w http.ResponseWriter, r *http.Request) {
        // Handle photo upload
        var filename string
        file, header, err := r.FormFile("uploadfile")

        if err != nil {
            // FormFile returns a nil header on error (e.g. no file submitted),
            // so header must not be dereferenced in this branch
            log.Println(err)
        } else if header.Filename == "" {
            fmt.Println("\n\n NO file uploaded")
        } else {
            defer file.Close()
            data, err := ioutil.ReadAll(file)
            if err != nil {
                io.WriteString(w, err.Error())
                return
            }
            // Join the directory and the random file name as separate elements
            filename = path.Join("static/pics", utils.RandString(5)+path.Ext(header.Filename))
            // Uploaded images do not need the execute bit or world-write access
            err = ioutil.WriteFile(filename, data, 0644)
            if err != nil {
                io.WriteString(w, err.Error())
                return
            }
            // Resize photo
            filetoopen := filename
            img, err := imaging.Open(filetoopen)
            if err != nil {
                panic(err)
            }
            picname := filename
            thumbnail := imaging.Resize(img, 620, 0, imaging.Lanczos)
            // Save resized image
            err = imaging.Save(thumbnail, picname)
            if err != nil {
                fmt.Println(err)
            }
        }

        // Display the view
        v := view.New(r)
        v.Name = "article/upload"
        v.Vars["message"] = "message"
        v.Vars["url"] = filename
        v.Render(w)
    }

template:

    {{define "title"}}Upload Photo{{end}}
    {{define "head"}}{{end}}

    {{define "content"}}
    <div>
        <div>
            <h3>Add Photo</h3>
        </div>

        {{if .prompt}}
            {{.prompt}}
        {{end}}

        <br>

        {{if .url}}
            {{.url}}
        {{end}}

        <form action="/upload/photo/" id="form" method="post" enctype="multipart/form-data">
            <input type="file" name="uploadfile" />
            <br>
            <a title="Save" onclick="document.getElementById('form').submit();">
                Submit
            </a>
        </form>

    </div>

    {{end}}
    {{define "foot"}}{{end}}

I tried removing the acl.DisallowAnon middleware from the routes, but it had no effect.

I don't get the error when I submit other forms:

It may be worth mentioning that I invoke /upload/photo from within a form update page, from a toolbar icon:

                                <a href="/upload/photo/" target="_blank">
                                    <span class="fa fa-picture-o fa-lg"></span>
                                </a>

This has bugged me for many hours. I'd really appreciate your hints.

josephspurrier commented 6 years ago

You need to add your token to the form like this:

https://github.com/josephspurrier/gowebapp/blob/master/template/login/login.tmpl#L22
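
The fix described in the reply, as an added example that is not from the thread or the gowebapp code: the form needs a hidden field such as `<input type="hidden" name="token" value="{{.token}}">` so that the multipart POST carries the value `UploadPhotoGET` put in `token`. The field name `token`, the `requireToken` middleware and `sessionToken` are assumptions standing in for csrfbanana and the session; token expiry and rotation are not modelled.

```go
package main

import (
	"bytes"
	"crypto/subtle"
	"fmt"
	"mime/multipart"
	"net/http"
	"net/http/httptest"
)

// sessionToken is a constructed stand-in for the value the session holds for this user.
const sessionToken = "constructed-session-token"

// requireToken is a simplified stand-in for the CSRF middleware (not csrfbanana's code):
// a POST passes only if its "token" form field matches the session's token.
func requireToken(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := []byte(r.FormValue("token")) // FormValue also parses multipart/form-data bodies
		if r.Method == http.MethodPost && subtle.ConstantTimeCompare(got, []byte(sessionToken)) != 1 {
			http.Error(w, "Your token expired, click here to try again.", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// postUpload submits the upload form as a browser would; token "" models the
// issue's template, which has no hidden token field.
func postUpload(token string) int {
	var body bytes.Buffer
	mw := multipart.NewWriter(&body)
	if token != "" {
		mw.WriteField("token", token) // what the hidden input adds to the request
	}
	fw, _ := mw.CreateFormFile("uploadfile", "photo.jpg")
	fw.Write([]byte("constructed image bytes"))
	mw.Close()
	req := httptest.NewRequest(http.MethodPost, "/upload/photo/", &body)
	req.Header.Set("Content-Type", mw.FormDataContentType())
	rec := httptest.NewRecorder()
	upload := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) // stand-in for UploadPhotoPOST
	requireToken(upload).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("no token field:", postUpload(""), "stale token:", postUpload("stale"), "valid token:", postUpload(sessionToken))
}
```

The request without the field is rejected before the upload handler runs, which is why retrying the same form keeps producing the same error.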