mirror of https://github.com/astaxie/beego.git synced 2024-11-22 10:50:54 +00:00

move SetSecureCookie / GetSecureCookie to *context.Context and alias in Controller

slene 2014-02-22 11:58:53 +08:00 committed by asta.xie
parent 9b498feac7
commit d8b9db8d3e
2 changed files with 48 additions and 36 deletions


@ -1,7 +1,14 @@
package context package context
import ( import (
"crypto/hmac"
"crypto/sha1"
"encoding/base64"
"fmt"
"net/http" "net/http"
"strconv"
"strings"
"time"
"github.com/astaxie/beego/middleware" "github.com/astaxie/beego/middleware"
) )
@ -59,3 +66,41 @@ func (ctx *Context) GetCookie(key string) string {
func (ctx *Context) SetCookie(name string, value string, others ...interface{}) { func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {
ctx.Output.Cookie(name, value, others...) ctx.Output.Cookie(name, value, others...)
} }
// Get secure cookie from request by a given key.
func (ctx *Context) GetSecureCookie(Secret, key string) (string, bool) {
val := ctx.Input.Cookie(key)
if val == "" {
return "", false
}
parts := strings.SplitN(val, "|", 3)
if len(parts) != 3 {
return "", false
}
vs := parts[0]
timestamp := parts[1]
sig := parts[2]
h := hmac.New(sha1.New, []byte(Secret))
fmt.Fprintf(h, "%s%s", vs, timestamp)
if fmt.Sprintf("%02x", h.Sum(nil)) != sig {
return "", false
}
res, _ := base64.URLEncoding.DecodeString(vs)
return string(res), true
}
// Set Secure cookie for response.
func (ctx *Context) SetSecureCookie(Secret, name, value string, others ...interface{}) {
vs := base64.URLEncoding.EncodeToString([]byte(value))
timestamp := strconv.FormatInt(time.Now().UnixNano(), 10)
h := hmac.New(sha1.New, []byte(Secret))
fmt.Fprintf(h, "%s%s", vs, timestamp)
sig := fmt.Sprintf("%02x", h.Sum(nil))
cookie := strings.Join([]string{vs, timestamp, sig}, "|")
ctx.Output.Cookie(name, cookie, others...)
}
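Review bot: The signature check in GetSecureCookie, `if fmt.Sprintf("%02x", h.Sum(nil)) != sig`, uses an ordinary string comparison, which is not constant-time; `if !hmac.Equal([]byte(fmt.Sprintf("%02x", h.Sum(nil))), []byte(sig)) {` keeps the cookie format and removes the timing signal. Both GetSecureCookie and SetSecureCookie also feed the MAC with `"%s%s"`, so nothing authenticates where the base64 value ends and the decimal timestamp begins; `fmt.Fprintf(h, "%s|%s", vs, timestamp)` in both functions binds the boundary, at the cost of invalidating cookies already issued. The timestamp is signed but never compared with the current time, so a captured cookie keeps verifying regardless of the max-age the browser was given. The error from `base64.URLEncoding.DecodeString(vs)` is also discarded while the function still returns true; returning `"", false` on a decode error would be the safer contract.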


@ -2,11 +2,7 @@ package beego
import ( import (
"bytes" "bytes"
"crypto/hmac"
"crypto/sha1"
"encoding/base64"
"errors" "errors"
"fmt"
"html/template" "html/template"
"io" "io"
"io/ioutil" "io/ioutil"
@ -17,7 +13,6 @@ import (
"reflect" "reflect"
"strconv" "strconv"
"strings" "strings"
"time"
"github.com/astaxie/beego/context" "github.com/astaxie/beego/context"
"github.com/astaxie/beego/session" "github.com/astaxie/beego/session"
@ -417,40 +412,12 @@ func (c *Controller) IsAjax() bool {
// GetSecureCookie returns decoded cookie value from encoded browser cookie values. // GetSecureCookie returns decoded cookie value from encoded browser cookie values.
func (c *Controller) GetSecureCookie(Secret, key string) (string, bool) { func (c *Controller) GetSecureCookie(Secret, key string) (string, bool) {
val := c.Ctx.GetCookie(key) return c.Ctx.GetSecureCookie(Secret, key)
if val == "" {
return "", false
}
parts := strings.SplitN(val, "|", 3)
if len(parts) != 3 {
return "", false
}
vs := parts[0]
timestamp := parts[1]
sig := parts[2]
h := hmac.New(sha1.New, []byte(Secret))
fmt.Fprintf(h, "%s%s", vs, timestamp)
if fmt.Sprintf("%02x", h.Sum(nil)) != sig {
return "", false
}
res, _ := base64.URLEncoding.DecodeString(vs)
return string(res), true
} }
// SetSecureCookie puts value into cookie after encoded the value. // SetSecureCookie puts value into cookie after encoded the value.
func (c *Controller) SetSecureCookie(Secret, name, val string, age int64) { func (c *Controller) SetSecureCookie(Secret, name, value string, others ...interface{}) {
vs := base64.URLEncoding.EncodeToString([]byte(val)) c.Ctx.SetSecureCookie(Secret, name, value, others...)
timestamp := strconv.FormatInt(time.Now().UnixNano(), 10)
h := hmac.New(sha1.New, []byte(Secret))
fmt.Fprintf(h, "%s%s", vs, timestamp)
sig := fmt.Sprintf("%02x", h.Sum(nil))
cookie := strings.Join([]string{vs, timestamp, sig}, "|")
c.Ctx.SetCookie(name, cookie, age, "/")
} }
// XsrfToken creates a xsrf token string and returns. // XsrfToken creates a xsrf token string and returns.
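Review bot: The new Controller.SetSecureCookie forwards `others...` unchanged, so the `"/"` path that the removed body passed explicitly in `c.Ctx.SetCookie(name, cookie, age, "/")` is no longer applied here. Callers written against the old `age int64` parameter still compile, but the cookie's path, and any Secure or HttpOnly attribute, now depends on the defaults inside ctx.Output.Cookie, which this diff does not show. Worth confirming that default before merging. The doc comment should also say what the variadic carries, for example `// others is forwarded to Context.SetCookie: max age first, then path (previously fixed to "/").`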