Example #1
0
func (ri *RequestId) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	if req.ReqMethod() == zerver.METHOD_GET {
		chain(req, resp)
		return
	}

	reqId := req.GetHeader(ri.HeaderName)
	if reqId == "" {
		if ri.PassingOnNoId {
			chain(req, resp)
		} else {
			resp.StatusCode(http.StatusBadRequest)
		}
	} else {
		ip := http2.IpOfAddr(req.RemoteAddr())
		id := ip + ":" + reqId
		if err := ri.Store.Save(id); err == ErrRequestIDExist {
			resp.StatusCode(http.StatusForbidden)
		} else if err != nil {
			ri.log.Warn(log.M{"msg": "save request id failed", "err": err.Error()})
		} else {
			chain(req, resp)
			ri.Store.Remove(id)
		}
	}
}
Example #2
0
func (x *Xsrf) VerifyFor(req zerver.Request) bool {
	m := req.ReqMethod()
	if !x.FilterGet && (m == zerver.METHOD_GET || m == zerver.METHOD_HEAD || m == zerver.METHOD_OPTIONS) {
		return true
	}

	token := req.GetHeader(_HEADER_XSRFTOKEN)
	if token == "" {
		token = req.GetHeader(_HEADER_CSRFTOKEN)
		if token == "" {
			token = req.Vars().QueryVar(_XSRF_PARAM_NAME)
			if token == "" {
				return false
			}
		}
	}

	data := x.verify(unsafe2.Bytes(token))
	if data != nil {
		x.Pool.Put(data)
		t, ip := x.TokenInfo.Unmarshal(data)
		return t != -1 &&
			t+x.Timeout >= time2.Now().Unix() &&
			ip == http2.IpOfAddr(req.RemoteAddr())
	}

	return false
}
Example #3
0
func (c *CORS) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	reqMethod := req.GetHeader(_CORS_REQUESTMETHOD)
	reqHeaders := req.GetHeader(_CORS_REQUESTHEADERS)

	if req.ReqMethod() == zerver.METHOD_OPTIONS && (reqMethod != "" || reqHeaders != "") {
		c.preflight(req, resp, reqMethod, reqHeaders)
	} else {
		c.filter(req, resp, chain)
	}
}
Example #4
0
func (l *Log) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	now := time2.Now()
	chain(req, resp)
	cost := time2.Now().Sub(now)

	l.log.Info(log.M{
		"method":     req.ReqMethod(),
		"url":        req.URL().String(),
		"remote":     req.RemoteAddr(),
		"userAgent":  req.GetHeader(zerver.HEADER_USERAGENT),
		"cost":       cost.String(),
		"statusCode": resp.StatusCode(0),
	})
}
Example #5
0
// Create xsrf token, used as zerver.HandleFunc
func (x *Xsrf) Create(req zerver.Request, resp zerver.Response) {
	tokBytes, err := x.CreateFor(req)
	if err == nil {
		resp.StatusCode(http.StatusServiceUnavailable)
		return
	}

	if req.ReqMethod() == "POST" {
		resp.StatusCode(http.StatusCreated)
	}

	defer x.Pool.Put(tokBytes)
	err = resp.Send(Token{string(tokBytes)})
	if err != nil {
		x.log.Error(log.M{"msg": "send xsrf token", "err": err.Error()})
	}
}
Example #6
0
func (j *JSONP) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	if req.ReqMethod() != zerver.METHOD_GET {
		chain(req, resp)
		return
	}

	callback := req.Vars().QueryVar(j.CallbackVar)
	if callback == "" {
		chain(req, resp)
		return
	}

	buffer := bytes.NewBuffer(make([]byte, 0, 256))
	bw := wrap.BuffRespWriter{ // to avoid write header 200 first when write callback name
		Buffer: buffer,
	}
	resp.Wrap(func(w http.ResponseWriter, shouldClose bool) (http.ResponseWriter, bool) {
		bw.ResponseWriter = w
		bw.ShouldClose = shouldClose
		return &bw, shouldClose
	})
	chain(req, resp)
	bw.Buffer = nil

	_, err := io2.WriteString(resp, callback)
	if err == nil {
		_, err = io2.WriteString(resp, "(")
		if err == nil {
			_, err = resp.Write(buffer.Bytes())
			if err == nil {
				_, err = io2.WriteString(resp, ")")
			}
		}
	}
	if err != nil {
		j.log.Warn(log.M{"msg": "write jsonp response failed", "err": err.Error()})
	}
}