// InitCsrf builds a CsrfProtection from the supplied authentication key and
// functional options, filling in a default for every setting the options left
// unset (error handler, max age, form field name, cookie name, request header),
// then wiring up the authenticated securecookie codec and the cookie-backed
// token store unless the caller already provided its own.
//
// authKey is the HMAC key handed to securecookie and must be kept secret and
// high-entropy (securecookie documents fixed-size 32/64-byte keys — confirm
// against the library version in use). Note that a nil or empty key is NOT
// rejected here: securecookie.New defers that error until the first
// Encode/Decode, so a misconfigured key surfaces as a per-request Save/Get
// failure (see TestCookieEncode and TestCookieDecode) rather than at startup.
//
// When the caller supplies cs.Sc via an option, its serializer and max age are
// left untouched; the MaxAge default is only propagated into a codec this
// function creates itself.
func InitCsrf(authKey []byte, opts ...Option) *CsrfProtection {
	cs := parseOptions(nil, opts...)

	// Fallback for the string-valued settings: keep the configured value,
	// otherwise use the package default.
	orDefault := func(configured, fallback string) string {
		if configured != "" {
			return configured
		}
		return fallback
	}

	if cs.Opts.ErrorHandler == nil {
		cs.Opts.ErrorHandler = http.HandlerFunc(unauthorizedHandler)
	}
	if cs.Opts.MaxAge < 1 {
		// Non-positive (including unset) → package default, 12 hours.
		cs.Opts.MaxAge = defaultAge
	}
	cs.Opts.FieldName = orDefault(cs.Opts.FieldName, fieldName)
	cs.Opts.CookieName = orDefault(cs.Opts.CookieName, CookieName)
	cs.Opts.RequestHeader = orDefault(cs.Opts.RequestHeader, headerName)

	// Authenticated (HMAC-only, no encryption block key) securecookie codec.
	if cs.Sc == nil {
		codec := securecookie.New(authKey, nil)
		// JSON rather than the default gob serializer (cheaper per call).
		codec.SetSerializer(securecookie.JSONEncoder{})
		// Bind the codec's timestamp check to the configured lifetime.
		codec.MaxAge(cs.Opts.MaxAge)
		cs.Sc = codec
	}

	// Default token store: the CSRF token lives in a cookie signed by cs.Sc.
	// Secure/HttpOnly/Path/Domain are passed straight through from the options.
	if cs.St == nil {
		cs.St = &cookieStore{
			name:     cs.Opts.CookieName,
			maxAge:   cs.Opts.MaxAge,
			secure:   cs.Opts.Secure,
			httpOnly: cs.Opts.HttpOnly,
			path:     cs.Opts.Path,
			domain:   cs.Opts.Domain,
			sc:       cs.Sc,
		}
	}

	return cs
}
// TestCookieEncode checks that a cookieStore backed by a securecookie codec
// with no hash key fails closed: Save must return an error rather than
// writing an unauthenticated cookie to the response.
func TestCookieEncode(t *testing.T) {
	const maxAge = 3600

	// securecookie.New does not reject a nil hash key up front; the error is
	// expected to surface on the first encode.
	codec := securecookie.New(nil, nil)
	codec.MaxAge(maxAge)

	store := &cookieStore{
		name:     CookieName,
		maxAge:   maxAge,
		secure:   true,
		httpOnly: true,
		path:     "",
		domain:   "",
		sc:       codec,
	}

	rec := httptest.NewRecorder()
	if err := store.Save(nil, rec); err == nil {
		t.Fatal("cookiestore did not report an invalid hashkey on encode")
	}
}
// TestCookieDecode checks that a cookieStore backed by a securecookie codec
// with no hash key fails closed on the read side: Get must return an error
// for an incoming cookie rather than accepting an unverifiable value.
func TestCookieDecode(t *testing.T) {
	req, err := http.NewRequest("GET", "/", nil)
	if err != nil {
		t.Fatal(err)
	}

	const maxAge = 3600

	// Nil hash key: decoding is expected to fail rather than succeed silently.
	codec := securecookie.New(nil, nil)
	codec.MaxAge(maxAge)

	store := &cookieStore{
		name:     CookieName,
		maxAge:   maxAge,
		secure:   true,
		httpOnly: true,
		path:     "",
		domain:   "",
		sc:       codec,
	}

	// Attach a placeholder cookie under the expected name so the lookup in
	// Get finds something and the failure comes from the codec, not from a
	// missing cookie.
	req.Header.Set("Cookie", fmt.Sprintf("%s=%s", CookieName, "notacookie"))

	if _, err = store.Get(req); err == nil {
		t.Fatal("cookiestore did not report an invalid hashkey on decode")
	}
}