add XSRFExpire
Showing
3 changed files
with
13 additions
and
1 deletions
| ... | @@ -46,6 +46,7 @@ var ( | ... | @@ -46,6 +46,7 @@ var ( |
| 46 | ErrorsShow bool //set weather show errors | 46 | ErrorsShow bool //set weather show errors |
| 47 | XSRFKEY string //set XSRF | 47 | XSRFKEY string //set XSRF |
| 48 | EnableXSRF bool | 48 | EnableXSRF bool |
| 49 | XSRFExpire int | ||
| 49 | CopyRequestBody bool //When in raw application, You want to the reqeustbody | 50 | CopyRequestBody bool //When in raw application, You want to the reqeustbody |
| 50 | ) | 51 | ) |
| 51 | 52 | ||
| ... | @@ -76,6 +77,7 @@ func init() { | ... | @@ -76,6 +77,7 @@ func init() { |
| 76 | HttpServerTimeOut = 0 | 77 | HttpServerTimeOut = 0 |
| 77 | ErrorsShow = true | 78 | ErrorsShow = true |
| 78 | XSRFKEY = "beegoxsrf" | 79 | XSRFKEY = "beegoxsrf" |
| 80 | XSRFExpire = 60 | ||
| 79 | ParseConfig() | 81 | ParseConfig() |
| 80 | } | 82 | } |
| 81 | 83 | ... | ... |
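Review bot: `XSRFExpire` is declared in the var block without a comment, and the default `XSRFExpire = 60` set in init() carries no unit. The value is later passed as the third argument of `SetCookie` for the `_xsrf` cookie, which is presumably a lifetime in seconds. If so, a one-minute default means any form left open longer than that fails its XSRF check, and applications tend to respond by switching the protection off. I would document the unit, e.g. `XSRFExpire int //lifetime of the _xsrf cookie in seconds`, and reconsider the default. Both the var block and init() begin outside the hunks shown.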
| ... | @@ -195,6 +195,9 @@ func ParseConfig() (err error) { | ... | @@ -195,6 +195,9 @@ func ParseConfig() (err error) { |
| 195 | if enablexsrf, err := AppConfig.Bool("enablexsrf"); err == nil { | 195 | if enablexsrf, err := AppConfig.Bool("enablexsrf"); err == nil { |
| 196 | EnableXSRF = enablexsrf | 196 | EnableXSRF = enablexsrf |
| 197 | } | 197 | } |
| 198 | if expire, err := AppConfig.Int("xsrfexpire"); err == nil { | ||
| 199 | XSRFExpire = expire | ||
| 200 | } | ||
| 198 | } | 201 | } |
| 199 | return nil | 202 | return nil |
| 200 | } | 203 | } | ... | ... |
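Review bot: The `xsrfexpire` value is copied into `XSRFExpire` with no range check, so a zero or negative number from the config file is accepted as-is. XsrfToken() falls back to this global whenever the controller's own field is not positive, so such a value reaches `SetCookie` unchanged; how SetCookie treats it is not visible here, but a negative lifetime commonly makes the browser discard the cookie at once, which would break every XSRF-protected form. Tightening the guard to `err == nil && expire >= 0` keeps a bad setting from silently replacing the default. A parse error is also dropped without a log line, as with the neighbouring options; ParseConfig continues outside the hunk.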
| ... | @@ -35,6 +35,7 @@ type Controller struct { | ... | @@ -35,6 +35,7 @@ type Controller struct { |
| 35 | _xsrf_token string | 35 | _xsrf_token string |
| 36 | gotofunc string | 36 | gotofunc string |
| 37 | CruSession session.SessionStore | 37 | CruSession session.SessionStore |
| 38 | XSRFExpire int | ||
| 38 | } | 39 | } |
| 39 | 40 | ||
| 40 | type ControllerInterface interface { | 41 | type ControllerInterface interface { |
| ... | @@ -353,7 +354,13 @@ func (c *Controller) XsrfToken() string { | ... | @@ -353,7 +354,13 @@ func (c *Controller) XsrfToken() string { |
| 353 | fmt.Fprintf(h, "%s:%d", c.Ctx.Request.RemoteAddr, time.Now().UnixNano()) | 354 | fmt.Fprintf(h, "%s:%d", c.Ctx.Request.RemoteAddr, time.Now().UnixNano()) |
| 354 | tok := fmt.Sprintf("%s:%d", h.Sum(nil), time.Now().UnixNano()) | 355 | tok := fmt.Sprintf("%s:%d", h.Sum(nil), time.Now().UnixNano()) |
| 355 | token = base64.URLEncoding.EncodeToString([]byte(tok)) | 356 | token = base64.URLEncoding.EncodeToString([]byte(tok)) |
| 356 | c.Ctx.SetCookie("_xsrf", token) | 357 | expire := 0 |
| 358 | if c.XSRFExpire > 0 { | ||
| 359 | expire = c.XSRFExpire | ||
| 360 | } else { | ||
| 361 | expire = XSRFExpire | ||
| 362 | } | ||
| 363 | c.Ctx.SetCookie("_xsrf", token, expire) | ||
| 357 | } | 364 | } |
| 358 | c._xsrf_token = token | 365 | c._xsrf_token = token |
| 359 | } | 366 | } | ... | ... |
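Review bot: The expiry passed in `c.Ctx.SetCookie("_xsrf", token, expire)` only limits how long the browser keeps the cookie; nothing in this hunk makes the server reject an old token. The validation path is outside the hunk, so this needs confirming: if it only compares the submitted value with the cookie, `XSRFExpire` is a client-side lifetime and the new `Controller.XSRFExpire` field should say so in a comment. The selection itself reads more simply as `expire := XSRFExpire` followed by `if c.XSRFExpire > 0 { expire = c.XSRFExpire }`, which also drops the unused `expire := 0` initialiser. XsrfToken() starts and ends outside the hunk shown.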