Add csrf protection

controllers/users.go

@@ -2,12 +2,14 @@ package controllers
 
 import (
 	"fmt"
+	"html/template"
 	"net/http"
 	"strings"
 
 	"git.kealoha.me/lks/lenslocked/models"
 	"git.kealoha.me/lks/lenslocked/templates"
 	"git.kealoha.me/lks/lenslocked/views"
+	"github.com/gorilla/csrf"
 )
 
 type Users struct {
@@ -20,9 +22,11 @@ type Users struct {
 
 func (u Users) GetSignup(w http.ResponseWriter, r *http.Request) {
 	var data struct {
-		Email string
+		Email     string
+		CSRFField template.HTML
 	}
 	data.Email = r.FormValue("email")
+	data.CSRFField = csrf.TemplateField(r)
 	u.Templates.Signup.Execute(w, data)
 }
 
@@ -40,9 +44,11 @@ func (u Users) PostSignup(w http.ResponseWriter, r *http.Request) {
 
 func (u Users) GetSignin(w http.ResponseWriter, r *http.Request) {
 	var data struct {
-		Email string
+		Email     string
+		CSRFField template.HTML
 	}
 	data.Email = r.FormValue("email")
+	data.CSRFField = csrf.TemplateField(r)
 	u.Templates.Signin.Execute(w, data)
 }
 func (u Users) PostSignin(w http.ResponseWriter, r *http.Request) {