d2a16ff8
Commit
d2a16ff8
authored
Jul 08, 2013
by
astaxie
fix #26 add xsrf function
parent
f1e50596
Showing
4 changed files
with
58 additions
and
0 deletions
+58
-0
beego.go
beego.go
+2
-0
config.go
config.go
+3
-0
context.go
context.go
+8
-0
controller.go
controller.go
+45
-0
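--- a/beego.go
+++ b/beego.go
@@ -44,6 +44,7 @@ var (
 	EnbaleHotUpdate   bool //enable HotUpdate default is false
 	HttpServerTimeOut int64
 	ErrorsShow        bool
+	XSRFKEY           string
 )
 
 func init() {
@@ -72,6 +73,7 @@ func init() {
 	AppConfigPath = path.Join(AppPath, "conf", "app.conf")
 	HttpServerTimeOut = 0
 	ErrorsShow = true
+	XSRFKEY = "beegoxsrf"
 	ParseConfig()
 }
 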
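Review bot: The new `XSRFKEY` variable has no doc comment, and the default `XSRFKEY = "beegoxsrf"` assigned in init() is identical in every deployment that leaves `xsrfkey` out of app.conf, because the config.go hunk only overrides it when the entry is non-empty. Suggested comment on the declaration: `// XSRFKEY is the HMAC key Controller.XsrfToken uses to derive new XSRF tokens; the built-in default is public and should be replaced through the "xsrfkey" config entry.` Logging a warning in ParseConfig when the default is kept would make the omission visible at startup rather than leaving it silent.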
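--- a/config.go
+++ b/config.go
@@ -186,6 +186,9 @@ func ParseConfig() (err error) {
 		if errorsshow, err := AppConfig.Bool("errorsshow"); err == nil {
 			ErrorsShow = errorsshow
 		}
+		if xsrfkey := AppConfig.String("xsrfkey"); xsrfkey != "" {
+			XSRFKEY = xsrfkey
+		}
 	}
 	return nil
 }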
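--- a/context.go
+++ b/context.go
@@ -101,3 +101,11 @@ var cookieValueSanitizer = strings.NewReplacer("\n", " ", "\r", " ", ";", " ")
 func sanitizeValue(v string) string {
 	return cookieValueSanitizer.Replace(v)
 }
+
+func (ctx *Context) GetCookie(key string) string {
+	keycookie, err := ctx.Request.Cookie(key)
+	if err != nil {
+		return ""
+	}
+	return keycookie.Value
+}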
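Review bot: GetCookie is exported but undocumented, and it folds the only error `Request.Cookie` returns (`http.ErrNoCookie`) into the empty string, so callers cannot tell an absent cookie from one whose value is empty; XsrfToken in this commit depends on exactly that convention, treating "" as "no cookie". Suggested comment above the function: `// GetCookie returns the value of the named request cookie, or "" when the request carries no such cookie.`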
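--- a/controller.go
+++ b/controller.go
@@ -4,9 +4,13 @@ import (
 	"bytes"
 	"compress/gzip"
 	"compress/zlib"
+	"crypto/hmac"
+	"crypto/sha1"
+	"encoding/base64"
 	"encoding/json"
 	"encoding/xml"
 	"errors"
+	"fmt"
 	"github.com/astaxie/beego/session"
 	"html/template"
 	"io"
@@ -18,6 +22,7 @@ import (
 	"path"
 	"strconv"
 	"strings"
+	"time"
 )
 
 type Controller struct {
@@ -27,6 +32,7 @@ type Controller struct {
 	TplNames    string
 	Layout      string
 	TplExt      string
+	_xsrf_token string
 	CruSession  session.SessionStore
 }
 
@@ -331,3 +337,42 @@ func (c *Controller) DelSession(name interface{}) {
 func (c *Controller) IsAjax() bool {
 	return (c.Ctx.Request.Header.Get("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest")
 }
+
+func (c *Controller) XsrfToken() string {
+	if c._xsrf_token == "" {
+		token := c.Ctx.GetCookie("_xsrf")
+		if token == "" {
+			h := hmac.New(sha1.New, []byte(XSRFKEY))
+			fmt.Fprintf(h, "%s:%d", c.Ctx.Request.RemoteAddr, time.Now().UnixNano())
+			tok := fmt.Sprintf("%s:%d", h.Sum(nil), time.Now().UnixNano())
+			token := base64.URLEncoding.EncodeToString([]byte(tok))
+			c.Ctx.SetCookie("_xsrf", token)
+		}
+		c._xsrf_token = token
+	}
+	return c._xsrf_token
+}
+
+func (c *Controller) CheckXsrfCookie() bool {
+	token := c.GetString("_xsrf")
+	if token == "" {
+		token = c.Ctx.Request.Header.Get("X-Xsrftoken")
+	}
+	if token == "" {
+		token = c.Ctx.Request.Header.Get("X-Csrftoken")
+	}
+	if token == "" {
+		c.Ctx.Abort(403, "'_xsrf' argument missing from POST")
+	}
+	if c._xsrf_token != token {
+		c.Ctx.Abort(403, "XSRF cookie does not match POST argument")
+	}
+	return true
+}
+
+func (c *Controller) XsrfFormHtml() string {
+	return "<input type=\"hidden\" name=\"_xsrf\" value=\"" + c._xsrf_token + "\" />"
+}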
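Review bot: In XsrfToken, `token := base64.URLEncoding.EncodeToString([]byte(tok))` declares a second `token` scoped to the inner `if`, so the freshly generated value goes into the cookie but the outer `token` stays "" and `c._xsrf_token = token` stores an empty string on the very request that creates the cookie; it should read `token = base64.URLEncoding.EncodeToString([]byte(tok))`. CheckXsrfCookie then compares the submitted value with `c._xsrf_token`, which is only populated once XsrfToken() has run on the same Controller, so a handler that validates without first rendering a token rejects every request; comparing against `c.Ctx.GetCookie("_xsrf")` makes the check independent of call order, and `hmac.Equal` replaces the non-constant-time `!=`. Both `c.Ctx.Abort(403, ...)` calls are followed by `return true`, so unless Abort unwinds the stack (it is defined outside this hunk) the caller is told the check passed; each branch should return false. XsrfFormHtml should also pass the token through `template.HTMLEscapeString`, which the file already imports, instead of concatenating it raw into markup.
```go
func (c *Controller) CheckXsrfCookie() bool {
	// … unchanged: token lookup in the "_xsrf" form field and the X-Xsrftoken / X-Csrftoken headers …
	if token == "" {
		c.Ctx.Abort(403, "'_xsrf' argument missing from POST")
		return false
	}
	// Compare with the cookie itself so the check does not depend on XsrfToken() having run first.
	if !hmac.Equal([]byte(c.Ctx.GetCookie("_xsrf")), []byte(token)) {
		c.Ctx.Abort(403, "XSRF cookie does not match POST argument")
		return false
	}
	return true
}
```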