mirror of https://github.com/astaxie/beego.git synced 2024-11-29 19:01:29 +00:00

add XSRFExpire

astaxie 2013-08-07 11:22:23 +08:00
parent b191e96f51
commit 10f4e822c3
3 changed files with 13 additions and 1 deletions


@ -46,6 +46,7 @@ var (
ErrorsShow bool //set weather show errors ErrorsShow bool //set weather show errors
XSRFKEY string //set XSRF XSRFKEY string //set XSRF
EnableXSRF bool EnableXSRF bool
XSRFExpire int
CopyRequestBody bool //When in raw application, You want to the reqeustbody CopyRequestBody bool //When in raw application, You want to the reqeustbody
) )
@ -76,6 +77,7 @@ func init() {
HttpServerTimeOut = 0 HttpServerTimeOut = 0
ErrorsShow = true ErrorsShow = true
XSRFKEY = "beegoxsrf" XSRFKEY = "beegoxsrf"
XSRFExpire = 60
ParseConfig() ParseConfig()
} }
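Review bot: `XSRFExpire` is added to the var block without a comment, and the default `XSRFExpire = 60` in init() carries no unit. This number becomes the lifetime of the `_xsrf` cookie, so a reader cannot tell whether a token cookie lasts a minute or much longer; too short a lifetime makes forms left open fail the XSRF check, and too long a lifetime keeps the cookie in the browser longer than needed. I would add a trailing comment in the style of the neighbouring fields, for example `XSRFExpire int //lifetime of the _xsrf cookie, in the unit Ctx.SetCookie expects; used when Controller.XSRFExpire is not set`, and state the unit next to the default as well.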


@ -195,6 +195,9 @@ func ParseConfig() (err error) {
if enablexsrf, err := AppConfig.Bool("enablexsrf"); err == nil { if enablexsrf, err := AppConfig.Bool("enablexsrf"); err == nil {
EnableXSRF = enablexsrf EnableXSRF = enablexsrf
} }
if expire, err := AppConfig.Int("xsrfexpire"); err == nil {
XSRFExpire = expire
}
} }
return nil return nil
} }
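Review bot: The value read from `xsrfexpire` is assigned without a range check, so a zero or negative number in the config file becomes the package-level default. XsrfToken falls back to this global whenever the controller's own field is not positive, so such a value reaches SetCookie unchanged; how SetCookie treats it is not visible on this page. Accepting only positive values would close that gap: `if expire, err := AppConfig.Int("xsrfexpire"); err == nil && expire > 0 {`. A parse error is also dropped silently, so a mistyped value keeps the default with no log line to show it. ParseConfig starts outside this hunk.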


@ -35,6 +35,7 @@ type Controller struct {
_xsrf_token string _xsrf_token string
gotofunc string gotofunc string
CruSession session.SessionStore CruSession session.SessionStore
XSRFExpire int
} }
type ControllerInterface interface { type ControllerInterface interface {
@ -353,7 +354,13 @@ func (c *Controller) XsrfToken() string {
fmt.Fprintf(h, "%s:%d", c.Ctx.Request.RemoteAddr, time.Now().UnixNano()) fmt.Fprintf(h, "%s:%d", c.Ctx.Request.RemoteAddr, time.Now().UnixNano())
tok := fmt.Sprintf("%s:%d", h.Sum(nil), time.Now().UnixNano()) tok := fmt.Sprintf("%s:%d", h.Sum(nil), time.Now().UnixNano())
token = base64.URLEncoding.EncodeToString([]byte(tok)) token = base64.URLEncoding.EncodeToString([]byte(tok))
c.Ctx.SetCookie("_xsrf", token) expire := 0
if c.XSRFExpire > 0 {
expire = c.XSRFExpire
} else {
expire = XSRFExpire
}
c.Ctx.SetCookie("_xsrf", token, expire)
} }
c._xsrf_token = token c._xsrf_token = token
} }
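Review bot: The `expire := 0` / if / else block in XsrfToken reads better as a default plus one override, which also drops the unused initial value: `expire := XSRFExpire` followed by `if c.XSRFExpire > 0 { expire = c.XSRFExpire }`. The new `XSRFExpire int` field on Controller is exported but undocumented; a comment such as `// XSRFExpire overrides the package-level XSRFExpire for this controller when > 0` would explain how the two settings interact. The expiry passed here only bounds how long the browser keeps the `_xsrf` cookie; whether the server-side check also rejects an old token is not visible in this hunk, so the setting should not be documented as a token lifetime guarantee. XsrfToken begins before the hunk.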