beego:fix #685

move XsrfToken& CheckXsrfCookie to context
2025-07-12 00:11:02 +00:00 · 2014-07-24 23:12:21 +08:00
parent d7090689e8
commit ee9749d640
2 changed files with 41 additions and 25 deletions
--- a/controller.go
+++ b/controller.go
@ -25,7 +25,6 @@ import (

 	"github.com/astaxie/beego/context"
 	"github.com/astaxie/beego/session"
-	"github.com/astaxie/beego/utils"
 )

 //commonly used mime-types
@ -477,18 +476,13 @@ func (c *Controller) SetSecureCookie(Secret, name, value string, others ...inter
 // XsrfToken creates a xsrf token string and returns.
 func (c *Controller) XsrfToken() string {
 	if c._xsrf_token == "" {
-		token, ok := c.GetSecureCookie(XSRFKEY, "_xsrf")
-		if !ok {
-			var expire int64
-			if c.XSRFExpire > 0 {
-				expire = int64(c.XSRFExpire)
-			} else {
-				expire = int64(XSRFExpire)
-			}
-			token = string(utils.RandomCreateBytes(32))
-			c.SetSecureCookie(XSRFKEY, "_xsrf", token, expire)
+		var expire int64
+		if c.XSRFExpire > 0 {
+			expire = int64(c.XSRFExpire)
+		} else {
+			expire = int64(XSRFExpire)
 		}
-		c._xsrf_token = token
+		c._xsrf_token = c.Ctx.XsrfToken(XSRFKEY, expire)
 	}
 	return c._xsrf_token
 }
@ -500,19 +494,7 @@ func (c *Controller) CheckXsrfCookie() bool {
 	if !c.EnableXSRF {
 		return true
 	}
-	token := c.GetString("_xsrf")
-	if token == "" {
-		token = c.Ctx.Request.Header.Get("X-Xsrftoken")
-	}
-	if token == "" {
-		token = c.Ctx.Request.Header.Get("X-Csrftoken")
-	}
-	if token == "" {
-		c.Ctx.Abort(403, "'_xsrf' argument missing from POST")
-	} else if c._xsrf_token != token {
-		c.Ctx.Abort(403, "XSRF cookie does not match POST argument")
-	}
-	return true
+	return c.Ctx.CheckXsrfCookie()
 }

 // XsrfFormHtml writes an input field contains xsrf token value.