From c4edc134130706c484ad53265ee70b7ee763c18d Mon Sep 17 00:00:00 2001 From: astaxie Date: Sat, 28 Sep 2013 21:36:36 +0800 Subject: [PATCH] fix #230 --- controller.go | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/controller.go b/controller.go index 8bb64176..00e35543 100644 --- a/controller.go +++ b/controller.go @@ -326,15 +326,11 @@ func (c *Controller) GetSecureCookie(Secret, key string) (string, bool) { if fmt.Sprintf("%02x", h.Sum(nil)) != sig { return "", false } - - buf := bytes.NewBufferString(val) - encoder := base64.NewDecoder(base64.StdEncoding, buf) - - res, _ := ioutil.ReadAll(encoder) + res, _ := base64.URLEncoding.DecodeString(vs) return string(res), true } -func (c *Controller) SetSecureCookie(Secret, name, val string, age int) { +func (c *Controller) SetSecureCookie(Secret, name, val string, age int64) { vs := base64.URLEncoding.EncodeToString([]byte(val)) timestamp := strconv.FormatInt(time.Now().UnixNano(), 10) h := hmac.New(sha1.New, []byte(Secret)) @@ -348,11 +344,11 @@ func (c *Controller) XsrfToken() string { if c._xsrf_token == "" { token, ok := c.GetSecureCookie(XSRFKEY, "_xsrf") if !ok { - expire := 0 + var expire int64 if c.XSRFExpire > 0 { - expire = c.XSRFExpire + expire = int64(c.XSRFExpire) } else { - expire = XSRFExpire + expire = int64(XSRFExpire) } token = GetRandomString(15) c.SetSecureCookie(XSRFKEY, "_xsrf", token, expire) @@ -379,8 +375,16 @@ func (c *Controller) CheckXsrfCookie() bool { } func (c *Controller) XsrfFormHtml() string { + var expire int64 + if c.XSRFExpire > 0 { + expire = int64(c.XSRFExpire) + } else { + expire = int64(XSRFExpire) + } + token := GetRandomString(15) + c.SetSecureCookie(XSRFKEY, "_xsrf", token, expire) return "" + token + "\"/>" } func (c *Controller) GoToFunc(funcname string) {