func (x *Xsrf) VerifyFor(req zerver.Request) bool {
m := req.Method()
if !x.FilterGet && (m == "GET" || m == "HEAD" || m == "OPTIONS") {
return true
}
token := req.Header(_HEADER_XSRFTOKEN)
if token == "" {
token = req.Header(_HEADER_CSRFTOKEN)
if token == "" {
token = req.Param(_XSRF_PARAM_NAME)
if token == "" {
return false
}
}
}
data := x.verify(unsafe2.Bytes(token))
if data != nil {
x.Pool.Put(data)
t, ip, agent := x.TokenInfo.Unmarshal(data)
return t != -1 &&
t+x.Timeout >= time2.Now().Unix() &&
ip == req.RemoteIP() &&
agent == req.UserAgent()
}
return false
}
func (x *Xsrf) CreateFor(req zerver.Request) ([]byte, error) {
bs, err := x.TokenInfo.Marshal(time2.Now().Unix(), req.RemoteIP(), req.UserAgent())
if err == nil {
return x.sign(bs), nil
}
return nil, err
}
func (l *Log) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
if l.CountTime {
nano := time.Now().UnixNano()
chain(req, resp)
nano = time.Now().UnixNano() - nano
l.logger.Infoln(
time2.ToHuman(nano),
resp.Status(),
req.Method(),
req.URL().Path,
req.RemoteIP(),
req.UserAgent())
} else {
chain(req, resp)
l.logger.Infoln(
resp.Status(),
req.Method(),
req.URL().Path,
req.RemoteIP(),
req.UserAgent())
}
}
func (l *Log) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
if l.CountTime {
now := time2.Now()
chain(req, resp)
cost := time2.Now().Sub(now)
l.logger.Infoln(
cost.String(),
resp.Status(),
req.Method(),
req.URL().Path,
req.RemoteIP(),
req.UserAgent())
} else {
chain(req, resp)
l.logger.Infoln(
resp.Status(),
req.Method(),
req.URL().Path,
req.RemoteIP(),
req.UserAgent())
}
}
