From 6a4f1aee179a25b62b02deffd0ad97914cbcca87 Mon Sep 17 00:00:00 2001 From: xengineering Date: Sun, 3 Mar 2024 16:56:42 +0100 Subject: Add ID to URL in recipe updates This makes the update URL more consistent with the other ones. A check ensures consistency of the URL and JSON ID values. --- controller/recipe.go | 5 +++++ main.go | 2 +- view/html/recipe-edit.html | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/controller/recipe.go b/controller/recipe.go index 259e3bc..e58092a 100644 --- a/controller/recipe.go +++ b/controller/recipe.go @@ -24,6 +24,11 @@ func RecipeUpdate(w http.ResponseWriter, r *http.Request) { return } + if recipe.Id != mux.Vars(r)[`id`] { + http.Error(w, "IDs in URL and JSON do not match", http.StatusBadRequest) + return + } + err = recipe.Update() if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) diff --git a/main.go b/main.go index ec061c2..1660088 100644 --- a/main.go +++ b/main.go @@ -48,7 +48,7 @@ func startServer(addr string) *http.Server { r.HandleFunc("/recipes", view.RecipesRead).Methods(`GET`) r.HandleFunc("/recipe/{id:[0-9]+}", view.RecipeRead).Methods(`GET`) - r.HandleFunc("/recipe", controller.RecipeUpdate).Methods(`POST`) + r.HandleFunc("/recipe/{id:[0-9]+}", controller.RecipeUpdate).Methods(`POST`) r.HandleFunc("/recipe/{id:[0-9]+}", controller.RecipeDelete).Methods(`DELETE`) r.HandleFunc("/favicon.ico", view.FaviconRead).Methods(`GET`) diff --git a/view/html/recipe-edit.html b/view/html/recipe-edit.html index 2513be8..d7d9b45 100644 --- a/view/html/recipe-edit.html +++ b/view/html/recipe-edit.html @@ -10,7 +10,7 @@