Add plumbing to make CSRF token testable

bryphe-coder · bryphe-coder · commit cf8b4e053941 · 2022-03-09T04:38:37.000Z
diff --git a/site/embed.go b/site/embed.go
@@ -28,6 +28,9 @@ import (
 //go:embed out/bin/*
 var site embed.FS
 
+// HTMLTemplateHandler is a function that defines how `htmlState` is populated
+type HTMLTemplateHandler func(*http.Request) HtmlState
+
 // DefaultHandler returns an HTTP handler for serving the static site,
 // based on the `embed.FS` compiled into the binary.
 func DefaultHandler(logger slog.Logger) http.Handler {
@@ -37,23 +40,21 @@ func DefaultHandler(logger slog.Logger) http.Handler {
 		panic(err)
 	}
 
-	return Handler(filesystem, logger)
+	templateFunc := func(r *http.Request) HtmlState {
+		return HtmlState{
+			// CSP nonce for the given request (if there is one present)
+			CSPNonce: secure.CSPNonce(r.Context()),
+			// CSRF token for the given request
+			CSRFToken: nosurf.Token(r),
+		}
+	}
+
+	return Handler(filesystem, logger, templateFunc)
 }
 
 // Handler returns an HTTP handler for serving the static site.
 // This takes a filesystem as a parameter.
-func Handler(filesystem fs.FS, logger slog.Logger) http.Handler {
-	// Render CSP and CSRF in the served pages
-	// TODO: Bring back templates
-	_ = func(r *http.Request) interface{} {
-		return htmlState{
-			// Nonce is the CSP nonce for the given request (if there is one present)
-			CSP: cspState{Nonce: secure.CSPNonce(r.Context())},
-			// Token is the CSRF token for the given request
-			CSRF: csrfState{Token: nosurf.Token(r)},
-		}
-	}
-
+func Handler(filesystem fs.FS, logger slog.Logger, templateFunc HTMLTemplateHandler) http.Handler {
 	router := chi.NewRouter()
 
 	staticFileHandler, err := serveFiles(filesystem, logger)
@@ -137,17 +138,9 @@ func serveFiles(fileSystem fs.FS, logger slog.Logger) (http.HandlerFunc, error)
 	return serveFunc, nil
 }
 
-type htmlState struct {
-	CSP  cspState
-	CSRF csrfState
-}
-
-type cspState struct {
-	Nonce string
-}
-
-type csrfState struct {
-	Token string
+type HtmlState struct {
+	CSPNonce  string
+	CSRFToken string
 }
 
 // cspDirectives is a map of all csp fetch directives to their values.
diff --git a/site/embed_test.go b/site/embed_test.go
@@ -28,7 +28,7 @@ func TestIndexPageRenders(t *testing.T) {
 		},
 	}
 
-	srv := httptest.NewServer(site.Handler(rootFS, slog.Logger{}))
+	srv := httptest.NewServer(site.Handler(rootFS, slog.Logger{}, defaultTemplateFunc))
 
 	req, err := http.NewRequestWithContext(context.Background(), "GET", srv.URL, nil)
 	require.NoError(t, err)
@@ -48,7 +48,7 @@ func TestNestedPathsRenderIndex(t *testing.T) {
 		},
 	}
 
-	srv := httptest.NewServer(site.Handler(rootFS, slog.Logger{}))
+	srv := httptest.NewServer(site.Handler(rootFS, slog.Logger{}, defaultTemplateFunc))
 
 	path := srv.URL + "/some/nested/path"
 
@@ -77,7 +77,7 @@ func TestCacheHeaderseAreCorrect(t *testing.T) {
 		},
 	}
 
-	srv := httptest.NewServer(site.Handler(rootFS, slog.Logger{}))
+	srv := httptest.NewServer(site.Handler(rootFS, slog.Logger{}, defaultTemplateFunc))
 
 	dynamicPaths := []string{
 		"/",
@@ -123,6 +123,13 @@ func TestCacheHeaderseAreCorrect(t *testing.T) {
 
 }
 
+func defaultTemplateFunc(r *http.Request) site.HtmlState {
+	return site.HtmlState{
+		CSPNonce:  "test-csp-none",
+		CSRFToken: "test-csrf-token",
+	}
+}
+
 /*func TestNestedPageRenders(t *testing.T) {
 	t.Parallel()
 
