Don't use EDIT method, only POSTs should use alt methods

2022-05-20 19:19:32 -06:00 · 2022-05-20 19:19:32 -06:00 · 1181af0318
commit 1181af0318
parent c4692f72e3
3 changed files with 15 additions and 9 deletions
--- a/srv/src/http/api.go
+++ b/srv/src/http/api.go
@ -204,8 +204,7 @@ func (a *api) handler() http.Handler {

 	mux.Handle("/posts/", http.StripPrefix("/posts",
 		apiutil.MethodMux(map[string]http.Handler{
-			"GET":  a.renderPostHandler(),
-			"EDIT": a.editPostHandler(),
+			"GET": a.renderPostHandler(),
 			"POST": authMiddleware(a.auther,
 				formMiddleware(a.postPostHandler()),
 			),
--- a/srv/src/http/posts.go
+++ b/srv/src/http/posts.go
@ -84,14 +84,20 @@ func (a *api) postToPostTplPayload(storedPost post.StoredPost) (postTplPayload,
 func (a *api) renderPostHandler() http.Handler {

 	tpl := a.mustParseBasedTpl("post.html")
-	renderIndexHandler := a.renderPostsIndexHandler()
+	renderPostsIndexHandler := a.renderPostsIndexHandler()
+	renderEditPostHandler := a.renderEditPostHandler()

 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {

 		id := strings.TrimSuffix(filepath.Base(r.URL.Path), ".html")

 		if id == "/" {
-			renderIndexHandler.ServeHTTP(rw, r)
+			renderPostsIndexHandler.ServeHTTP(rw, r)
+			return
+		}
+
+		if _, ok := r.URL.Query()["edit"]; ok {
+			renderEditPostHandler.ServeHTTP(rw, r)
 			return
 		}

@ -167,7 +173,7 @@ func (a *api) renderPostsIndexHandler() http.Handler {
 	})
 }

-func (a *api) editPostHandler() http.Handler {
+func (a *api) renderEditPostHandler() http.Handler {

 	tpl := a.mustParseBasedTpl("edit-post.html")

@ -208,8 +214,9 @@ func postFromPostReq(r *http.Request) (post.Post, error) {
 	}

 	// textareas encode newlines as CRLF for historical reasons
+	p.Body = r.PostFormValue("body")
 	p.Body = strings.ReplaceAll(p.Body, "\r\n", "\n")
-	p.Body = strings.TrimSpace(r.PostFormValue("body"))
+	p.Body = strings.TrimSpace(p.Body)

 	if p.ID == "" ||
 		p.Title == "" ||
@ -239,7 +246,7 @@ func (a *api) postPostHandler() http.Handler {
 			return
 		}

-		redirectPath := fmt.Sprintf("posts/%s?method=edit", p.ID)
+		redirectPath := fmt.Sprintf("posts/%s?edit", p.ID)

 		a.executeRedirectTpl(rw, r, redirectPath)
 	})
--- a/srv/src/http/tpl/posts.html
+++ b/srv/src/http/tpl/posts.html
@ -22,7 +22,7 @@


  <p style="text-align: center;">
-    <a href="{{ BlogURL "posts/" }}?method=edit">
+    <a href="{{ BlogURL "posts/" }}?edit">
      <button>New Post</button>
    </a>
  </p>
@ -36,7 +36,7 @@
        <td>{{ .PublishedAt }}</td>
        <td><a href="{{ PostURL .ID }}" target="_blank">{{ .Title }}</a></td>
        <td>
-          <a href="{{ PostURL .ID }}?method=edit">
+          <a href="{{ PostURL .ID }}?edit">
            <button>Edit</button>
          </a>
        </td>