// generate fills in the three CSRF fields:
//   - GondolaCSRFA: "salt1:salt2", encrypt-signed using csrfSalt
//   - GondolaCSRFB: a random value, encrypt-signed using salt1
//   - GondolaCSRFC: the same value reversed, encrypt-signed using salt2
func (c *csrf) generate(ctx *app.Context) (*csrf, error) {
	salt1 := stringutil.Random(randomSaltLength)
	salt2 := stringutil.Random(randomSaltLength)
	esA, err := csrfEncryptSigner(ctx, csrfSalt)
	if err != nil {
		return nil, err
	}
	c.GondolaCSRFA, err = esA.EncryptSign([]byte(salt1 + ":" + salt2))
	if err != nil {
		return nil, err
	}
	value := stringutil.Random(randomValueLength)
	esB, err := csrfEncryptSigner(ctx, salt1)
	if err != nil {
		return nil, err
	}
	c.GondolaCSRFB, err = esB.EncryptSign([]byte(value))
	if err != nil {
		return nil, err
	}
	esC, err := csrfEncryptSigner(ctx, salt2)
	if err != nil {
		return nil, err
	}
	c.GondolaCSRFC, err = esC.EncryptSign([]byte(stringutil.Reverse(value)))
	if err != nil {
		return nil, err
	}
	return c, nil
}

// formatNumber groups the digits of integer in threes, using the translated
// thousands separator, and appends decimal (if any) after the translated
// decimal separator.
func formatNumber(lang i18n.Languager, integer string, decimal string) string {
	/// THOUSANDS SEPARATOR
	tSep := i18n.Tc(lang, "formautil", ",")
	var buf bytes.Buffer
	ii := 0
	// Walk the digits from least to most significant, emitting a separator
	// before every fourth digit; the result is reversed back afterwards.
	for _, c := range stringutil.Reverse(integer) {
		if ii == 3 {
			buf.WriteString(tSep)
			ii = 0
		}
		buf.WriteRune(c)
		ii++
	}
	s := stringutil.Reverse(buf.String())
	if decimal != "" {
		/// DECIMAL SEPARATOR
		dSep := i18n.Tc(lang, "formautil", ".")
		return s + dSep + decimal
	}
	return s
}

// ValidateGondolaCSRFC checks that GondolaCSRFC, unsigned and decrypted using
// salt2, is the reverse of c.value.
func (c *csrf) ValidateGondolaCSRFC(ctx *app.Context) error {
	// Nothing more to check once c.failed is set.
	if c.failed {
		return nil
	}
	es, err := csrfEncryptSigner(ctx, c.salt2)
	if err != nil {
		return c.error(ctx, err)
	}
	val, err := es.UnsignDecrypt(c.GondolaCSRFC)
	if err != nil {
		return c.error(ctx, err)
	}
	rev := stringutil.Reverse(string(val))
	// Compare in constant time so the check does not leak how many leading
	// bytes matched.
	if len(rev) != len(c.value) || subtle.ConstantTimeCompare([]byte(c.value), []byte(rev)) != 1 {
		return c.error(ctx, nil)
	}
	return nil
}