add rate limiting, CSRF, newsletter, auto-checker, /uses and /projects pages

internal/handler/handler.go

@@ -8,28 +8,35 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"time"
 
 	"ridgwaysystems.org/website/internal/blog"
+	"ridgwaysystems.org/website/internal/newsletter"
+	"ridgwaysystems.org/website/internal/ratelimit"
 )
 
 // Handler holds shared dependencies for all HTTP handlers.
 type Handler struct {
 	store        *blog.Store
+	news         *newsletter.Store
 	dataDir      string
 	templates    map[string]*template.Template
 	siteURL      string
 	contactEmail string
 	devMode      bool
+	postLimit    *ratelimit.Limiter // rate-limits contact + newsletter POSTs
 }
 
 // New creates a Handler. dataDir is the path to the data/ directory.
-func New(store *blog.Store, dataDir string) *Handler {
+func New(store *blog.Store, news *newsletter.Store, dataDir string) *Handler {
 	h := &Handler{
 		store:        store,
+		news:         news,
 		dataDir:      dataDir,
 		siteURL:      getenv("SITE_URL", "https://ridgwaysystems.org"),
 		contactEmail: getenv("CONTACT_EMAIL", "hire@ridgwaysystems.org"),
 		devMode:      os.Getenv("DEV") == "1",
+		postLimit:    ratelimit.New(10*time.Minute, 5),
 	}
 	if !h.devMode {
 		h.templates = mustLoadTemplates()
@@ -74,12 +81,15 @@ func mustLoadTemplates() map[string]*template.Template {
 		{"about", "templates/about.html"},
 		{"hire", "templates/hire.html"},
 		{"resume", "templates/resume.html"},
+		{"uses", "templates/uses.html"},
+		{"projects", "templates/projects.html"},
 		{"error", "templates/error.html"},
 		{"admin-login", "templates/admin/login.html"},
 		{"admin-dashboard", "templates/admin/dashboard.html"},
 		{"admin-editor", "templates/admin/editor.html"},
 		{"admin-status", "templates/admin/status.html"},
 		{"admin-uploads", "templates/admin/uploads.html"},
+		{"admin-newsletter", "templates/admin/newsletter.html"},
 	}
 
 	for _, p := range pages {