Example #1
0
// Check implements the CSRF interface
func (c *sessionCsrf) Check(req *http.Request, value string) (bool, error) {
	if len(value) == 0 {
		return false, nil
	}

	session, err := c.store.Get(req, c.name)
	if err != nil {
		return false, err
	}

	values := session.Values()
	csrfString, ok := values[CSRFKey].(string)
	if ok && csrfString == value {
		return true, nil
	}

	return false, nil
}
Example #2
0
// Generate implements the CSRF interface
func (c *sessionCsrf) Generate(w http.ResponseWriter, req *http.Request) (string, error) {
	session, err := c.store.Get(req, c.name)
	if err != nil {
		return "", err
	}

	values := session.Values()
	csrfString, ok := values[CSRFKey].(string)
	if ok && csrfString != "" {
		return csrfString, nil
	}

	csrfString = uuid.NewUUID().String()
	values[CSRFKey] = csrfString

	// TODO: defer save until response is written?
	if err = c.store.Save(w, req); err != nil {
		return "", err
	}

	return csrfString, nil
}