Various small fixes

core/jsondb/jsondb.go

@@ -4,6 +4,7 @@ package jsondb
 import (
 	"encoding/json"
 	"errors"
+	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -26,6 +27,7 @@ var (
 
 // New initializes the JSON database.
 func New(root string) *DB {
+	log.Info("Initialized JsonDB at root: %s", root)
 	return &DB{
 		Root: root,
 	}
@@ -60,14 +62,17 @@ func (db *DB) Commit(document string, v interface{}) error {
 	path := db.toPath(document)
 
 	// Ensure the directory tree is ready.
-	db.makePath(path)
-
-	// Write the document.
-	err := db.writeJSON(path, v)
+	err := db.makePath(path)
 	if err != nil {
 		return err
 	}
 
+	// Write the document.
+	err = db.writeJSON(path, v)
+	if err != nil {
+		return fmt.Errorf("failed to write JSON to path %s: %s", path, err.Error())
+	}
+
 	return nil
 }
 
@@ -107,7 +112,7 @@ func (db *DB) ListAll(path string) ([]string, error) {
 func (db *DB) makePath(path string) error {
 	parts := strings.Split(path, string(filepath.Separator))
 	parts = parts[:len(parts)-1] // pop off the filename
-	directory := filepath.Join(parts...)
+	directory := "/" + filepath.Join(parts...)
 
 	if _, err := os.Stat(directory); err != nil {
 		log.Debug("[JsonDB] Create directory: %s", directory)

core/middleware.go

@@ -44,8 +44,9 @@ func (b *Blog) Session(r *http.Request) *sessions.Session {
 func (b *Blog) CSRFMiddleware(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
 	if r.Method == "POST" {
 		session := b.Session(r)
-		token, ok := session.Values["csrf"].(string)
-		if !ok || token != r.FormValue("_csrf") {
+		token := b.GenerateCSRFToken(w, r, session)
+		if token != r.FormValue("_csrf") {
+			log.Error("CSRF Mismatch: expected %s, got %s", r.FormValue("_csrf"), token)
 			b.Forbidden(w, r, "Failed to validate CSRF token. Please try your request again.")
 			return
 		}

core/pages.go

@@ -85,7 +85,7 @@ func (b *Blog) ResolvePath(path string) (Filepath, error) {
 	}
 
 	debug("Resolving filepath for URI: %s", path)
-	for _, root := range []string{b.DocumentRoot, b.UserRoot} {
+	for _, root := range []string{b.UserRoot, b.DocumentRoot} {
 		if len(root) == 0 {
 			continue
 		}

core/templates.go

@@ -4,6 +4,7 @@ import (
 	"html/template"
 	"net/http"
 	"strings"
+	"time"
 
 	"github.com/kirsle/blog/core/forms"
 	"github.com/kirsle/blog/core/models/settings"
@@ -108,6 +109,7 @@ func (b *Blog) RenderTemplate(w http.ResponseWriter, r *http.Request, path strin
 	// Useful template functions.
 	t := template.New(filepath.Absolute).Funcs(template.FuncMap{
 		"StringsJoin": strings.Join,
+		"Now":         time.Now,
 		"RenderPost":  b.RenderPost,
 		"RenderComments": func(subject string, ids ...string) template.HTML {
 			session := b.Session(r)

root/.layout.gohtml

@@ -1,4 +1,4 @@
-{{ define "title" }}WTF?{{ end }}
+{{ define "title" }}{{ end }}
 {{ define "scripts" }}{{ end }}
 
 {{ define "layout" }}

root/admin/settings.gohtml

@@ -2,9 +2,8 @@
 {{ define "content" }}
 <form action="/admin/settings" method="POST">
 <input type="hidden" name="_csrf" value="{{ .CSRF }}">
-<div class="card">
+
 {{ with .Data.s }}
-    <div class="card-body">
     <h3>The Basics</h3>
 
     <div class="form-group">
@@ -155,9 +154,7 @@
         <button type="submit" class="btn btn-primary">Save Settings</button>
         <a href="/admin" class="btn btn-secondary">Cancel</a>
     </div>
-
-    </div>
 {{ end }}
-</div>
+
 </form>
 {{ end }}