Beispiel #1
0
func (l *Log) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	now := time2.Now()
	chain(req, resp)
	cost := time2.Now().Sub(now)

	l.log.Info(log.M{
		"method":     req.ReqMethod(),
		"url":        req.URL().String(),
		"remote":     req.RemoteAddr(),
		"userAgent":  req.GetHeader(zerver.HEADER_USERAGENT),
		"cost":       cost.String(),
		"statusCode": resp.StatusCode(0),
	})
}
Beispiel #2
0
func (x *Xsrf) VerifyFor(req zerver.Request) bool {
	m := req.Method()
	if !x.FilterGet && (m == "GET" || m == "HEAD" || m == "OPTIONS") {
		return true
	}

	token := req.Header(_HEADER_XSRFTOKEN)
	if token == "" {
		token = req.Header(_HEADER_CSRFTOKEN)
		if token == "" {
			token = req.Param(_XSRF_PARAM_NAME)
			if token == "" {
				return false
			}
		}
	}

	data := x.verify(unsafe2.Bytes(token))
	if data != nil {
		x.Pool.Put(data)
		t, ip, agent := x.TokenInfo.Unmarshal(data)
		return t != -1 &&
			t+x.Timeout >= time2.Now().Unix() &&
			ip == req.RemoteIP() &&
			agent == req.UserAgent()
	}

	return false
}
Beispiel #3
0
func (x *Xsrf) VerifyFor(req zerver.Request) bool {
	m := req.ReqMethod()
	if !x.FilterGet && (m == zerver.METHOD_GET || m == zerver.METHOD_HEAD || m == zerver.METHOD_OPTIONS) {
		return true
	}

	token := req.GetHeader(_HEADER_XSRFTOKEN)
	if token == "" {
		token = req.GetHeader(_HEADER_CSRFTOKEN)
		if token == "" {
			token = req.Vars().QueryVar(_XSRF_PARAM_NAME)
			if token == "" {
				return false
			}
		}
	}

	data := x.verify(unsafe2.Bytes(token))
	if data != nil {
		x.Pool.Put(data)
		t, ip := x.TokenInfo.Unmarshal(data)
		return t != -1 &&
			t+x.Timeout >= time2.Now().Unix() &&
			ip == http2.IpOfAddr(req.RemoteAddr())
	}

	return false
}
Beispiel #4
0
func (x *Xsrf) CreateFor(req zerver.Request) ([]byte, error) {
	bs, err := x.TokenInfo.Marshal(time2.Now().Unix(), req.RemoteIP(), req.UserAgent())
	if err == nil {
		return x.sign(bs), nil
	}

	return nil, err
}
Beispiel #5
0
func (x *Xsrf) CreateFor(req zerver.Request) ([]byte, error) {
	bs, err := x.TokenInfo.Marshal(time2.Now().Unix(), http2.IpOfAddr(req.RemoteAddr()))
	if err == nil {
		return x.sign(bs), nil
	}

	return nil, err
}
Beispiel #6
0
// newSessionId generate new session id different from exists
func (sm *sessionManager) newSessionId() string {
	sm.lock.Lock()
	for {
		id := strconv.Itoa(int(time2.Now().UnixNano() / 10))
		if _, has := sm.sessions[id]; !has && !sm.store.IsExist(id) {
			sm.lock.Unlock()
			return id
		}
	}
}
Beispiel #7
0
func (l *Log) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	if l.CountTime {
		now := time2.Now()

		chain(req, resp)
		cost := time2.Now().Sub(now)
		l.logger.Infoln(
			cost.String(),
			resp.Status(),
			req.Method(),
			req.URL().Path,
			req.RemoteIP(),
			req.UserAgent())
	} else {
		chain(req, resp)
		l.logger.Infoln(
			resp.Status(),
			req.Method(),
			req.URL().Path,
			req.RemoteIP(),
			req.UserAgent())
	}
}
Beispiel #8
0
func (c *Cipher) Decode(b []byte) ([]byte, error) {
	if len(b) < c.hdrLen {
		return nil, ErrBadKey
	}

	deadline := binary.BigEndian.Uint64(b[c.sigLen:c.hdrLen])
	if c.ttl != 0 && uint64(time2.Now().Unix()) > deadline {
		return nil, ErrExpiredKey
	}

	data := b[c.hdrLen:]
	encData := c.encrypt(deadline, data)
	if !bytes.Equal(encData, b) {
		return nil, ErrInvalidSignature
	}

	return data, nil
}
Beispiel #9
0
func (c *Cipher) Decode(str []byte) ([]byte, error) {
	hdrLen := c.sigLen + c.timestampLen
	if len(str) < hdrLen {
		return nil, ErrBadKey
	}

	tm := binary.BigEndian.Uint64(str[c.sigLen:])
	if c.ttl != 0 && uint64(time2.Now().UnixNano()) > tm {
		return nil, ErrExpiredKey
	}

	data := str[hdrLen:]
	sig := c.encrypt(tm, data)
	if !bytes.Equal(sig, str) {
		return nil, ErrInvalidSignature
	}

	return data, nil
}
Beispiel #10
0
func (c *Cipher) Encode(b []byte) []byte {
	deadline := uint64(time2.Now().Add(c.ttl).Unix())
	return c.encrypt(deadline, b)
}
Beispiel #11
0
func (c *Cipher) Encode(str []byte) []byte {
	n := uint64(time2.Now().Add(c.ttl).UnixNano())
	return c.encrypt(n, str)
}
Beispiel #12
0
func (d *DB) timingString(dur time.Duration) string {
	return time2.Now().Add(dur).Format(d.timeFormat)
}