1
0
mirror of https://github.com/astaxie/beego.git synced 2024-11-29 22:11:27 +00:00

beego: XSRF support Controller level fix #610

default value is true when you Enable Global XSRF, also can control in
the prepare function to change the value.
This commit is contained in:
astaxie 2014-05-17 00:12:25 +08:00
parent f6ce2656db
commit 34ddcef1dc
3 changed files with 14 additions and 4 deletions

View File

@ -47,6 +47,7 @@ type Controller struct {
XSRFExpire int XSRFExpire int
AppController interface{} AppController interface{}
EnableRender bool EnableRender bool
EnableXSRF bool
} }
// ControllerInterface is an interface to uniform all controller handler. // ControllerInterface is an interface to uniform all controller handler.
@ -76,6 +77,7 @@ func (c *Controller) Init(ctx *context.Context, controllerName, actionName strin
c.TplExt = "tpl" c.TplExt = "tpl"
c.AppController = app c.AppController = app
c.EnableRender = true c.EnableRender = true
c.EnableXSRF = true
c.Data = ctx.Input.Data c.Data = ctx.Input.Data
} }
@ -441,6 +443,9 @@ func (c *Controller) XsrfToken() string {
// the token can provided in request header "X-Xsrftoken" and "X-CsrfToken" // the token can provided in request header "X-Xsrftoken" and "X-CsrfToken"
// or in form field value named as "_xsrf". // or in form field value named as "_xsrf".
func (c *Controller) CheckXsrfCookie() bool { func (c *Controller) CheckXsrfCookie() bool {
if !c.EnableXSRF {
return true
}
token := c.GetString("_xsrf") token := c.GetString("_xsrf")
if token == "" { if token == "" {
token = c.Ctx.Request.Header.Get("X-Xsrftoken") token = c.Ctx.Request.Header.Get("X-Xsrftoken")

View File

@ -906,6 +906,9 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
//call the controller init function //call the controller init function
execController.Init(context, runrouter.Name(), runMethod, vc.Interface()) execController.Init(context, runrouter.Name(), runMethod, vc.Interface())
//call prepare function
execController.Prepare()
//if XSRF is Enable then check cookie where there has any cookie in the request's cookie _csrf //if XSRF is Enable then check cookie where there has any cookie in the request's cookie _csrf
if EnableXSRF { if EnableXSRF {
execController.XsrfToken() execController.XsrfToken()
@ -915,9 +918,6 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
} }
} }
//call prepare function
execController.Prepare()
if !w.started { if !w.started {
//exec main logic //exec main logic
switch runMethod { switch runMethod {

View File

@ -186,16 +186,21 @@ func Htmlunquote(src string) string {
// UrlFor returns url string with another registered controller handler with params. // UrlFor returns url string with another registered controller handler with params.
// usage: // usage:
//
// UrlFor(".index") // UrlFor(".index")
// print UrlFor("index") // print UrlFor("index")
// router /login
// print UrlFor("login") // print UrlFor("login")
// print UrlFor("login", "next","/"") // print UrlFor("login", "next","/"")
// print UrlFor("profile", "username","John Doe") // router /profile/:username
// print UrlFor("profile", ":username","John Doe")
// result: // result:
// / // /
// /login // /login
// /login?next=/ // /login?next=/
// /user/John%20Doe // /user/John%20Doe
//
// more detail http://beego.me/docs/mvc/controller/urlbuilding.md
func UrlFor(endpoint string, values ...string) string { func UrlFor(endpoint string, values ...string) string {
return BeeApp.UrlFor(endpoint, values...) return BeeApp.UrlFor(endpoint, values...)
} }