EnableXSRF
This commit is contained in:
parent
2fa534ff26
commit
f9a31ea00a
3
beego.go
3
beego.go
@ -45,7 +45,8 @@ var (
|
||||
HttpServerTimeOut int64 //set httpserver timeout
|
||||
ErrorsShow bool //set weather show errors
|
||||
XSRFKEY string //set XSRF
|
||||
CopyRequestBody bool //When in raw application, You want to the reqeustbody
|
||||
EnableXSRF bool
|
||||
CopyRequestBody bool //When in raw application, You want to the reqeustbody
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
@ -192,6 +192,9 @@ func ParseConfig() (err error) {
|
||||
if xsrfkey := AppConfig.String("xsrfkey"); xsrfkey != "" {
|
||||
XSRFKEY = xsrfkey
|
||||
}
|
||||
if enablexsrf, err := AppConfig.Bool("enablexsrf"); err == nil {
|
||||
EnableXSRF = enablexsrf
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -352,7 +352,7 @@ func (c *Controller) XsrfToken() string {
|
||||
h := hmac.New(sha1.New, []byte(XSRFKEY))
|
||||
fmt.Fprintf(h, "%s:%d", c.Ctx.Request.RemoteAddr, time.Now().UnixNano())
|
||||
tok := fmt.Sprintf("%s:%d", h.Sum(nil), time.Now().UnixNano())
|
||||
token := base64.URLEncoding.EncodeToString([]byte(tok))
|
||||
token = base64.URLEncoding.EncodeToString([]byte(tok))
|
||||
c.Ctx.SetCookie("_xsrf", token)
|
||||
}
|
||||
c._xsrf_token = token
|
||||
@ -362,7 +362,6 @@ func (c *Controller) XsrfToken() string {
|
||||
|
||||
func (c *Controller) CheckXsrfCookie() bool {
|
||||
token := c.GetString("_xsrf")
|
||||
|
||||
if token == "" {
|
||||
token = c.Ctx.Request.Header.Get("X-Xsrftoken")
|
||||
}
|
||||
|
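Review bot: A malformed `enablexsrf` value is silently dropped by the new block in ParseConfig, because the `err == nil` guard only assigns on success; a typo in the config therefore leaves EnableXSRF at its prior value (presumably the zero value false) and the XSRF check stays off with no indication. That mirrors how `xsrfkey` is handled just above, but for a security toggle the failure deserves a signal: if AppConfig.Bool lets you tell an absent key from an unparseable one, return the parse error through ParseConfig's named `err` result, or at least log it, rather than discarding it. The inner `err` declared by the `if` initializer is scoped to that statement and does not touch the named return, so the current code is at least not corrupting the function's result. Separately, the new `EnableXSRF bool` entry in the var block is the only field there without a trailing comment; `EnableXSRF bool //enable XSRF (cross-site request forgery) token issuing and checking` would match its siblings. The bodies of ParseConfig, XsrfToken and CheckXsrfCookie all continue outside these hunks.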
21
router.go
21
router.go
@ -452,6 +452,17 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
|
||||
method := vc.MethodByName("Prepare")
|
||||
method.Call(in)
|
||||
|
||||
//if XSRF is Enable then check cookie where there has any cookie in the request's cookie _csrf
|
||||
if EnableXSRF {
|
||||
method = vc.MethodByName("XsrfToken")
|
||||
method.Call(in)
|
||||
if r.Method == "POST" || r.Method == "DELETE" || r.Method == "PUT" ||
|
||||
(r.Method == "POST" && (r.Form.Get("_method") == "delete" || r.Form.Get("_method") == "put")) {
|
||||
method = vc.MethodByName("CheckXsrfCookie")
|
||||
method.Call(in)
|
||||
}
|
||||
}
|
||||
|
||||
//if response has written,yes don't run next
|
||||
if !w.started {
|
||||
if r.Method == "GET" {
|
||||
@ -581,6 +592,16 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
|
||||
method.Call(in)
|
||||
method = vc.MethodByName(mName)
|
||||
method.Call(in)
|
||||
//if XSRF is Enable then check cookie where there has any cookie in the request's cookie _csrf
|
||||
if EnableXSRF {
|
||||
method = vc.MethodByName("XsrfToken")
|
||||
method.Call(in)
|
||||
if r.Method == "POST" || r.Method == "DELETE" || r.Method == "PUT" ||
|
||||
(r.Method == "POST" && (r.Form.Get("_method") == "delete" || r.Form.Get("_method") == "put")) {
|
||||
method = vc.MethodByName("CheckXsrfCookie")
|
||||
method.Call(in)
|
||||
}
|
||||
}
|
||||
if !w.started {
|
||||
if AutoRender {
|
||||
method = vc.MethodByName("Render")
|
||||
|
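Review bot: The bool returned by CheckXsrfCookie is discarded at `method.Call(in)` in the new EnableXSRF block, so a failed check only stops the request if CheckXsrfCookie itself writes an error response (which sets w.started and lets the `!w.started` gate below skip the action); its body is outside this diff, so confirm that, or make the gate explicit with `if !method.Call(in)[0].Bool() { return }` once the rejection response has been written. In the method condition the second clause `(r.Method == "POST" && ...)` is redundant because `r.Method == "POST"` already matched, while PATCH is not listed at all, so a PATCH route, if the registrar ever dispatches one, would run with no token check. The same block is pasted verbatim into the second hunk (`@ -581,6 +592,16`), which is the usual signal to pull it into one helper on ControllerRegistor so the two copies cannot drift. The leading comment in both copies names the cookie `_csrf`, but the code reads and sets `_xsrf`; `// When XSRF is enabled, issue the _xsrf token and, for state-changing methods, verify the submitted token against it.` would describe what is actually done. ServeHTTP begins and ends outside both hunks.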