fix #230
Showing
1 changed file
with
14 additions
and
10 deletions
| ... | @@ -326,15 +326,11 @@ func (c *Controller) GetSecureCookie(Secret, key string) (string, bool) { | ... | @@ -326,15 +326,11 @@ func (c *Controller) GetSecureCookie(Secret, key string) (string, bool) { |
| 326 | if fmt.Sprintf("%02x", h.Sum(nil)) != sig { | 326 | if fmt.Sprintf("%02x", h.Sum(nil)) != sig { |
| 327 | return "", false | 327 | return "", false |
| 328 | } | 328 | } |
| 329 | 329 | res, _ := base64.URLEncoding.DecodeString(vs) | |
| 330 | buf := bytes.NewBufferString(val) | ||
| 331 | encoder := base64.NewDecoder(base64.StdEncoding, buf) | ||
| 332 | |||
| 333 | res, _ := ioutil.ReadAll(encoder) | ||
| 334 | return string(res), true | 330 | return string(res), true |
| 335 | } | 331 | } |
| 336 | 332 | ||
| 337 | func (c *Controller) SetSecureCookie(Secret, name, val string, age int) { | 333 | func (c *Controller) SetSecureCookie(Secret, name, val string, age int64) { |
| 338 | vs := base64.URLEncoding.EncodeToString([]byte(val)) | 334 | vs := base64.URLEncoding.EncodeToString([]byte(val)) |
| 339 | timestamp := strconv.FormatInt(time.Now().UnixNano(), 10) | 335 | timestamp := strconv.FormatInt(time.Now().UnixNano(), 10) |
| 340 | h := hmac.New(sha1.New, []byte(Secret)) | 336 | h := hmac.New(sha1.New, []byte(Secret)) |
| ... | @@ -348,11 +344,11 @@ func (c *Controller) XsrfToken() string { | ... | @@ -348,11 +344,11 @@ func (c *Controller) XsrfToken() string { |
| 348 | if c._xsrf_token == "" { | 344 | if c._xsrf_token == "" { |
| 349 | token, ok := c.GetSecureCookie(XSRFKEY, "_xsrf") | 345 | token, ok := c.GetSecureCookie(XSRFKEY, "_xsrf") |
| 350 | if !ok { | 346 | if !ok { |
| 351 | expire := 0 | 347 | var expire int64 |
| 352 | if c.XSRFExpire > 0 { | 348 | if c.XSRFExpire > 0 { |
| 353 | expire = c.XSRFExpire | 349 | expire = int64(c.XSRFExpire) |
| 354 | } else { | 350 | } else { |
| 355 | expire = XSRFExpire | 351 | expire = int64(XSRFExpire) |
| 356 | } | 352 | } |
| 357 | token = GetRandomString(15) | 353 | token = GetRandomString(15) |
| 358 | c.SetSecureCookie(XSRFKEY, "_xsrf", token, expire) | 354 | c.SetSecureCookie(XSRFKEY, "_xsrf", token, expire) |
| ... | @@ -379,8 +375,16 @@ func (c *Controller) CheckXsrfCookie() bool { | ... | @@ -379,8 +375,16 @@ func (c *Controller) CheckXsrfCookie() bool { |
| 379 | } | 375 | } |
| 380 | 376 | ||
| 381 | func (c *Controller) XsrfFormHtml() string { | 377 | func (c *Controller) XsrfFormHtml() string { |
| 378 | var expire int64 | ||
| 379 | if c.XSRFExpire > 0 { | ||
| 380 | expire = int64(c.XSRFExpire) | ||
| 381 | } else { | ||
| 382 | expire = int64(XSRFExpire) | ||
| 383 | } | ||
| 384 | token := GetRandomString(15) | ||
| 385 | c.SetSecureCookie(XSRFKEY, "_xsrf", token, expire) | ||
| 382 | return "<input type=\"hidden\" name=\"_xsrf\" value=\"" + | 386 | return "<input type=\"hidden\" name=\"_xsrf\" value=\"" + |
| 383 | c._xsrf_token + "\"/>" | 387 | token + "\"/>" |
| 384 | } | 388 | } |
| 385 | 389 | ||
| 386 | func (c *Controller) GoToFunc(funcname string) { | 390 | func (c *Controller) GoToFunc(funcname string) { | ... | ... |
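Review bot: The rewritten XsrfFormHtml mints a fresh token with `GetRandomString(15)` and re-issues the `_xsrf` cookie on every call instead of reusing the token that XsrfToken() manages, so a page that renders two forms, or that also calls XsrfToken(), ends up with hidden fields that no longer match the last cookie set. It also copies the expiry selection from XsrfToken line for line. Delegating keeps one token per request and drops the duplication: `return "<input type=\"hidden\" name=\"_xsrf\" value=\"" + c.XsrfToken() + "\"/>"`. This assumes XsrfToken, whose body continues outside the hunk, caches the value in `c._xsrf_token`. Separately, in GetSecureCookie the new `res, _ := base64.URLEncoding.DecodeString(vs)` discards the decode error and still returns `true`; returning `"", false` on a decode error would stop a malformed value from being reported as a valid cookie.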