user authentication

web/templates/note.html

@@ -9,15 +9,19 @@
         <div class="flex items-center justify-between mb-4">
             <h1 class="text-3xl font-bold text-white">{{.title}}</h1>
             <div class="flex items-center space-x-3">
-                <a href="/edit/{{.note_path}}" class="btn-primary">
+                {{if .Authenticated}}
+                <a href="/editor/edit/{{.note_path}}" class="btn-primary">
                     <i class="fas fa-edit mr-2"></i>Edit
                 </a>
+                {{end}}
                 <a href="/download/{{.note_path}}" class="btn-secondary">
                     <i class="fas fa-download mr-2"></i>Download
                 </a>
+                {{if .Authenticated}}
                 <button class="btn-danger delete-note-btn" data-path="{{.note_path}}">
                     <i class="fas fa-trash mr-2"></i>Delete
                 </button>
+                {{end}}
             </div>
         </div>
         
@@ -73,8 +77,11 @@ document.addEventListener('DOMContentLoaded', function() {
     if (confirmBtn) {
         confirmBtn.addEventListener('click', function() {
             const path = deleteBtn.dataset.path;
-            fetch(`/delete/${path}`, {
-                method: 'DELETE'
+            const m = document.cookie.match(/(?:^|; )csrf_token=([^;]+)/);
+            const csrf = m && m[1] ? decodeURIComponent(m[1]) : '';
+            fetch(`/editor/delete/${path}`, {
+                method: 'DELETE',
+                headers: csrf ? { 'X-CSRF-Token': csrf } : {}
             })
             .then(response => {
                 if (response.ok) {