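func main() {
	// Create the cookie store. The signing key is hard-coded for this example;
	// a deployment should load it from configuration or the environment so it
	// is neither committed to source control nor shared between instances.
	Store = sessions.NewCookieStore([]byte("This is super screen..."))
	Store.Options = &sessions.Options{
		//Domain:   "localhost", // Chrome doesn't work with localhost domain
		Path:     "/",
		MaxAge:   3600 * 8, // 8 hours
		HttpOnly: true,     // keep the session cookie out of reach of page scripts
		// Secure is left unset only because this example serves plain HTTP on
		// localhost; set it (and SameSite, where the sessions version in use
		// supports it) when the cookie travels over TLS.
	}

	// Default handler
	h := http.HandlerFunc(routeLogin)

	// Prevents CSRF
	cs := csrfbanana.New(h, Store, SessionName)

	// Set error page for CSRF
	cs.FailureHandler(http.HandlerFunc(routeInvalidToken))

	// Generate a new token after each check (also prevents double submits)
	cs.ClearAfterUsage(true)

	// Exclude /static/ from tokens (even though we don't have a static file handler...)
	// The argument is a regular expression; whether it is anchored is up to
	// csrfbanana, so keep the pattern as narrow as the excluded paths allow.
	cs.ExcludeRegexPaths([]string{"/static(.*)"})

	// Optional - set the token length
	csrfbanana.TokenLength = 32

	// Optional - set the token name used in the forms
	csrfbanana.TokenName = "token"

	// One address drives both the log line and the listener, so the two can
	// no longer disagree (the original printed :80 while binding :8080).
	const addr = ":8080"
	srv := &http.Server{
		Addr:    addr,
		Handler: cs,
		// NOTE(review): ReadHeaderTimeout/ReadTimeout/WriteTimeout are not set
		// here because this listing does not import time; a server exposed
		// beyond localhost should set them to bound slow clients.
	}

	fmt.Println("Listening on http://localhost" + addr + "/")
	// ListenAndServe only returns on failure; report it instead of exiting silently.
	if err := srv.ListenAndServe(); err != nil {
		fmt.Println("server stopped:", err)
	}
}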
func middleware(h http.Handler) http.Handler {
	// Innermost layer: CSRF protection around the application handler.
	// ClearAfterUsage makes every token single-use, which also blocks
	// double submits of the same form.
	protected := csrfbanana.New(h, session.Store, session.Name)
	protected.FailureHandler(http.HandlerFunc(controller.InvalidToken))
	protected.ClearAfterUsage(true)
	// Regex exclusion for static assets; how strictly csrfbanana anchors the
	// pattern is not visible here, so keep it as narrow as possible.
	protected.ExcludeRegexPaths([]string{"/static(.*)"})
	// Package-level settings: same values and same order as before, since
	// they are globals read by csrfbanana rather than per-handler options.
	csrfbanana.TokenLength = 32
	csrfbanana.TokenName = "token"

	// Outer layers, applied inside-out: request logging, then the Gorilla
	// context clear handler as the outermost wrapper.
	var chain http.Handler = protected
	chain = logrequest.Handler(chain)
	return context.ClearHandler(chain)
}