Skip to content
Toggle navigation
Toggle navigation
This project
Loading...
Sign in
张磊
/
FileStorageBeego
Go to a project
Toggle navigation
Toggle navigation pinning
Projects
Groups
Snippets
Help
Project
Activity
Repository
Pipelines
Graphs
Issues
0
Merge Requests
0
Wiki
Network
Create a new issue
Builds
Commits
Issue Boards
Files
Commits
Network
Compare
Branches
Tags
f9a31ea0
authored
2013-08-06 23:21:52 +0800
by
astaxie
Browse Files
Options
Browse Files
Tag
Download
Email Patches
Plain Diff
EnableXSRF
1 parent
2fa534ff
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
26 additions
and
2 deletions
beego.go
config.go
controller.go
router.go
beego.go
View file @
f9a31ea
...
...
@@ -45,6 +45,7 @@ var (
HttpServerTimeOut
int64
//set httpserver timeout
ErrorsShow
bool
//set weather show errors
XSRFKEY
string
//set XSRF
EnableXSRF
bool
CopyRequestBody
bool
//When in raw application, You want to the reqeustbody
)
...
...
config.go
View file @
f9a31ea
...
...
@@ -192,6 +192,9 @@ func ParseConfig() (err error) {
if
xsrfkey
:=
AppConfig
.
String
(
"xsrfkey"
);
xsrfkey
!=
""
{
XSRFKEY
=
xsrfkey
}
if
enablexsrf
,
err
:=
AppConfig
.
Bool
(
"enablexsrf"
);
err
==
nil
{
EnableXSRF
=
enablexsrf
}
}
return
nil
}
...
...
controller.go
View file @
f9a31ea
...
...
@@ -352,7 +352,7 @@ func (c *Controller) XsrfToken() string {
h
:=
hmac
.
New
(
sha1
.
New
,
[]
byte
(
XSRFKEY
))
fmt
.
Fprintf
(
h
,
"%s:%d"
,
c
.
Ctx
.
Request
.
RemoteAddr
,
time
.
Now
()
.
UnixNano
())
tok
:=
fmt
.
Sprintf
(
"%s:%d"
,
h
.
Sum
(
nil
),
time
.
Now
()
.
UnixNano
())
token
:
=
base64
.
URLEncoding
.
EncodeToString
([]
byte
(
tok
))
token
=
base64
.
URLEncoding
.
EncodeToString
([]
byte
(
tok
))
c
.
Ctx
.
SetCookie
(
"_xsrf"
,
token
)
}
c
.
_xsrf_token
=
token
...
...
@@ -362,7 +362,6 @@ func (c *Controller) XsrfToken() string {
func
(
c
*
Controller
)
CheckXsrfCookie
()
bool
{
token
:=
c
.
GetString
(
"_xsrf"
)
if
token
==
""
{
token
=
c
.
Ctx
.
Request
.
Header
.
Get
(
"X-Xsrftoken"
)
}
...
...
router.go
View file @
f9a31ea
...
...
@@ -452,6 +452,17 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
method
:=
vc
.
MethodByName
(
"Prepare"
)
method
.
Call
(
in
)
//if XSRF is Enable then check cookie where there has any cookie in the request's cookie _csrf
if
EnableXSRF
{
method
=
vc
.
MethodByName
(
"XsrfToken"
)
method
.
Call
(
in
)
if
r
.
Method
==
"POST"
||
r
.
Method
==
"DELETE"
||
r
.
Method
==
"PUT"
||
(
r
.
Method
==
"POST"
&&
(
r
.
Form
.
Get
(
"_method"
)
==
"delete"
||
r
.
Form
.
Get
(
"_method"
)
==
"put"
))
{
method
=
vc
.
MethodByName
(
"CheckXsrfCookie"
)
method
.
Call
(
in
)
}
}
//if response has written,yes don't run next
if
!
w
.
started
{
if
r
.
Method
==
"GET"
{
...
...
@@ -581,6 +592,16 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
method
.
Call
(
in
)
method
=
vc
.
MethodByName
(
mName
)
method
.
Call
(
in
)
//if XSRF is Enable then check cookie where there has any cookie in the request's cookie _csrf
if
EnableXSRF
{
method
=
vc
.
MethodByName
(
"XsrfToken"
)
method
.
Call
(
in
)
if
r
.
Method
==
"POST"
||
r
.
Method
==
"DELETE"
||
r
.
Method
==
"PUT"
||
(
r
.
Method
==
"POST"
&&
(
r
.
Form
.
Get
(
"_method"
)
==
"delete"
||
r
.
Form
.
Get
(
"_method"
)
==
"put"
))
{
method
=
vc
.
MethodByName
(
"CheckXsrfCookie"
)
method
.
Call
(
in
)
}
}
if
!
w
.
started
{
if
AutoRender
{
method
=
vc
.
MethodByName
(
"Render"
)
...
...
Write
Preview
Styling with
Markdown
is supported
Attach a file
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to post a comment
