mirror of
https://github.com/astaxie/beego.git
synced 2024-11-29 13:01:30 +00:00
fix #230
This commit is contained in:
parent
1eb87c5c59
commit
c4edc13413
@ -326,15 +326,11 @@ func (c *Controller) GetSecureCookie(Secret, key string) (string, bool) {
|
|||||||
if fmt.Sprintf("%02x", h.Sum(nil)) != sig {
|
if fmt.Sprintf("%02x", h.Sum(nil)) != sig {
|
||||||
return "", false
|
return "", false
|
||||||
}
|
}
|
||||||
|
res, _ := base64.URLEncoding.DecodeString(vs)
|
||||||
buf := bytes.NewBufferString(val)
|
|
||||||
encoder := base64.NewDecoder(base64.StdEncoding, buf)
|
|
||||||
|
|
||||||
res, _ := ioutil.ReadAll(encoder)
|
|
||||||
return string(res), true
|
return string(res), true
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Controller) SetSecureCookie(Secret, name, val string, age int) {
|
func (c *Controller) SetSecureCookie(Secret, name, val string, age int64) {
|
||||||
vs := base64.URLEncoding.EncodeToString([]byte(val))
|
vs := base64.URLEncoding.EncodeToString([]byte(val))
|
||||||
timestamp := strconv.FormatInt(time.Now().UnixNano(), 10)
|
timestamp := strconv.FormatInt(time.Now().UnixNano(), 10)
|
||||||
h := hmac.New(sha1.New, []byte(Secret))
|
h := hmac.New(sha1.New, []byte(Secret))
|
||||||
@ -348,11 +344,11 @@ func (c *Controller) XsrfToken() string {
|
|||||||
if c._xsrf_token == "" {
|
if c._xsrf_token == "" {
|
||||||
token, ok := c.GetSecureCookie(XSRFKEY, "_xsrf")
|
token, ok := c.GetSecureCookie(XSRFKEY, "_xsrf")
|
||||||
if !ok {
|
if !ok {
|
||||||
expire := 0
|
var expire int64
|
||||||
if c.XSRFExpire > 0 {
|
if c.XSRFExpire > 0 {
|
||||||
expire = c.XSRFExpire
|
expire = int64(c.XSRFExpire)
|
||||||
} else {
|
} else {
|
||||||
expire = XSRFExpire
|
expire = int64(XSRFExpire)
|
||||||
}
|
}
|
||||||
token = GetRandomString(15)
|
token = GetRandomString(15)
|
||||||
c.SetSecureCookie(XSRFKEY, "_xsrf", token, expire)
|
c.SetSecureCookie(XSRFKEY, "_xsrf", token, expire)
|
||||||
@ -379,8 +375,16 @@ func (c *Controller) CheckXsrfCookie() bool {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (c *Controller) XsrfFormHtml() string {
|
func (c *Controller) XsrfFormHtml() string {
|
||||||
|
var expire int64
|
||||||
|
if c.XSRFExpire > 0 {
|
||||||
|
expire = int64(c.XSRFExpire)
|
||||||
|
} else {
|
||||||
|
expire = int64(XSRFExpire)
|
||||||
|
}
|
||||||
|
token := GetRandomString(15)
|
||||||
|
c.SetSecureCookie(XSRFKEY, "_xsrf", token, expire)
|
||||||
return "<input type=\"hidden\" name=\"_xsrf\" value=\"" +
|
return "<input type=\"hidden\" name=\"_xsrf\" value=\"" +
|
||||||
c._xsrf_token + "\"/>"
|
token + "\"/>"
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Controller) GoToFunc(funcname string) {
|
func (c *Controller) GoToFunc(funcname string) {
|
||||||
|
Loading…
Reference in New Issue
Block a user