user authentication

2025-08-25 21:19:15 +01:00
parent 6c82e2014c
commit e21a0b5b10
23 changed files with 2479 additions and 189 deletions
--- a/web/templates/folder.html
+++ b/web/templates/folder.html
@@ -26,7 +26,7 @@
            <button id="upload-btn" class="btn-primary">
                <i class="fas fa-upload mr-2"></i>Upload File
            </button>
-            <a href="/create?folder={{.folder_path}}" class="btn-secondary">
+            <a href="/editor/create?folder={{.folder_path}}" class="btn-secondary">
                <i class="fas fa-plus mr-2"></i>New Note
            </a>
        </div>
@@ -70,12 +70,12 @@
                    </div>
                    <div class="flex items-center space-x-2">
                        {{if eq .Type "md"}}
-                            <a href="/edit/{{.Path}}" class="text-blue-400 hover:text-blue-300 p-2" title="Edit">
+                            <a href="/editor/edit/{{.Path}}" class="text-blue-400 hover:text-blue-300 p-2" title="Edit">
                                <i class="fas fa-edit"></i>
                            </a>
                        {{end}}
                        {{if eq .Type "text"}}
-                            <a href="/edit_text/{{.Path}}" class="text-blue-400 hover:text-blue-300 p-2" title="Edit">
+                            <a href="/editor/edit_text/{{.Path}}" class="text-blue-400 hover:text-blue-300 p-2" title="Edit">
                                <i class="fas fa-edit"></i>
                            </a>
                        {{end}}
@@ -179,8 +179,11 @@
            formData.append('file', file);
        }

-        fetch('/upload', {
+        const m = document.cookie.match(/(?:^|; )csrf_token=([^;]+)/);
+        const csrf = m && m[1] ? decodeURIComponent(m[1]) : '';
+        fetch('/editor/upload', {
            method: 'POST',
+            headers: csrf ? { 'X-CSRF-Token': csrf } : {},
            body: formData
        })
        .then(response => response.json())
@@ -237,8 +240,11 @@

    document.getElementById('confirm-delete').addEventListener('click', function() {
        if (deleteTarget) {
-            fetch('/delete/' + deleteTarget, {
-                method: 'DELETE'
+            const m = document.cookie.match(/(?:^|; )csrf_token=([^;]+)/);
+            const csrf = m && m[1] ? decodeURIComponent(m[1]) : '';
+            fetch('/editor/delete/' + deleteTarget, {
+                method: 'DELETE',
+                headers: csrf ? { 'X-CSRF-Token': csrf } : {}
            })
            .then(response => response.json())
            .then(data => {