Beispiel #1
// generate populates the three CSRF token fields on c and returns c.
//
//   - GondolaCSRFA holds "salt1:salt2", encrypted and signed by a signer
//     built from the package-level csrfSalt.
//   - GondolaCSRFB holds a fresh random value, encrypted and signed by a
//     signer built from salt1.
//   - GondolaCSRFC holds the same value reversed, encrypted and signed by a
//     signer built from salt2.
//
// Any failure from csrfEncryptSigner or EncryptSign is returned as-is with a
// nil *csrf. Fields assigned before the failing step keep whatever was
// written to them, so the receiver should be discarded on error.
//
// NOTE(review): the unpredictability of all three tokens rests on
// stringutil.Random; confirm it draws from a cryptographically secure source.
// NOTE(review): the two salts are joined with ":"; presumably the validating
// side splits on it, so confirm Random's alphabet cannot emit ':'.
func (c *csrf) generate(ctx *app.Context) (*csrf, error) {
	// Both salts are drawn before any signer is built.
	firstSalt := stringutil.Random(randomSaltLength)
	secondSalt := stringutil.Random(randomSaltLength)

	outer, err := csrfEncryptSigner(ctx, csrfSalt)
	if err != nil {
		return nil, err
	}
	if c.GondolaCSRFA, err = outer.EncryptSign([]byte(firstSalt + ":" + secondSalt)); err != nil {
		return nil, err
	}

	// The secret is protected twice: once as-is under the first salt and once
	// reversed under the second salt.
	secret := stringutil.Random(randomValueLength)

	forward, err := csrfEncryptSigner(ctx, firstSalt)
	if err != nil {
		return nil, err
	}
	if c.GondolaCSRFB, err = forward.EncryptSign([]byte(secret)); err != nil {
		return nil, err
	}

	backward, err := csrfEncryptSigner(ctx, secondSalt)
	if err != nil {
		return nil, err
	}
	if c.GondolaCSRFC, err = backward.EncryptSign([]byte(stringutil.Reverse(secret))); err != nil {
		return nil, err
	}

	return c, nil
}
Beispiel #2
// formatNumber joins an integer part and an optional decimal part into one
// string, inserting the translated thousands separator after every third
// character of integer, counted from the right. When decimal is non-empty it
// is appended after the translated decimal separator.
//
// Grouping is done per rune on the reversed integer string and the result is
// reversed back, so every character of integer counts towards a group.
// NOTE(review): that includes a leading sign, and a multi-rune separator
// translation would come out reversed; confirm callers pass plain digits.
func formatNumber(lang i18n.Languager, integer string, decimal string) string {
	/// THOUSANDS SEPARATOR
	tSep := i18n.Tc(lang, "formautil", ",")

	var grouped bytes.Buffer
	seen := 0
	for _, r := range stringutil.Reverse(integer) {
		// A separator goes in before the 4th, 7th, ... rune from the right.
		if seen > 0 && seen%3 == 0 {
			grouped.WriteString(tSep)
		}
		grouped.WriteRune(r)
		seen++
	}
	whole := stringutil.Reverse(grouped.String())

	if decimal == "" {
		return whole
	}
	/// DECIMAL SEPARATOR
	dSep := i18n.Tc(lang, "formautil", ".")
	return whole + dSep + decimal
}
Beispiel #3
// ValidateGondolaCSRFC checks the third CSRF token: it unsigns and decrypts
// GondolaCSRFC with a signer built from c.salt2, reverses the plaintext and
// requires it to equal c.value.
//
// It returns nil without checking anything when c.failed is already set.
// Signer construction and unsign/decrypt errors are passed to c.error, and a
// mismatch is reported through c.error with a nil cause.
//
// NOTE(review): c.salt2 and c.value are read here but not set; presumably
// earlier validation steps populate them, so confirm the ordering. If both
// c.value and the decrypted payload were empty the comparison would pass.
func (c *csrf) ValidateGondolaCSRFC(ctx *app.Context) error {
	if c.failed {
		return nil
	}

	signer, err := csrfEncryptSigner(ctx, c.salt2)
	if err != nil {
		return c.error(ctx, err)
	}

	plain, err := signer.UnsignDecrypt(c.GondolaCSRFC)
	if err != nil {
		return c.error(ctx, err)
	}

	// The token carries the value reversed; undo that before comparing.
	candidate := stringutil.Reverse(string(plain))

	// The comparison of the contents is constant-time so that timing does not
	// reveal how much of the expected value matched.
	if len(candidate) == len(c.value) && subtle.ConstantTimeCompare([]byte(c.value), []byte(candidate)) == 1 {
		return nil
	}
	return c.error(ctx, nil)
}