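// TwitchLoginHandler redirects the logged-in player to Twitch's OAuth2
// authorization endpoint.
//
// The caller is identified from the JWT returned by
// controllerhelpers.GetToken: a missing cookie yields 401, any other token
// problem yields 400. The OAuth "state" parameter is an xsrftoken derived from
// the player's SteamID and the action "GET".
//
// NOTE(review): the state value only protects the flow if the redirect
// handler (not visible here) validates it with the same secret, SteamID and
// action. If this is golang.org/x/net/xsrftoken, tokens remain valid for the
// package's Timeout window and are not single-use. Confirm that is acceptable
// for an OAuth state value.
// NOTE(review): config.Constants.CookieStoreSecret is reused here as the
// XSRF signing key. A dedicated key per purpose would limit the impact of a
// leak. Confirm against the rest of the codebase.
func TwitchLoginHandler(w http.ResponseWriter, r *http.Request) {
	token, err := controllerhelpers.GetToken(r)
	switch {
	case err == http.ErrNoCookie:
		http.Error(w, "You are not logged in.", http.StatusUnauthorized)
		return
	case err != nil:
		http.Error(w, "Invalid jwt", http.StatusBadRequest)
		return
	}

	// A bare type assertion would panic on unexpected claims, so reject the
	// request instead.
	claims, ok := token.Claims.(*controllerhelpers.TF2StadiumClaims)
	if !ok {
		http.Error(w, "Invalid jwt", http.StatusBadRequest)
		return
	}

	// The lookup error was previously discarded. A failed lookup would then
	// be dereferenced below when the state token is built.
	player, err := player.GetPlayerByID(claims.PlayerID)
	if err != nil {
		http.Error(w, "Could not load player", http.StatusInternalServerError)
		return
	}

	// A malformed PublicAddress makes url.Parse return a nil *url.URL, so
	// check before setting Path on it.
	twitchRedirectURL, err := url.Parse(config.Constants.PublicAddress)
	if err != nil {
		http.Error(w, "Invalid redirect configuration", http.StatusInternalServerError)
		return
	}
	twitchRedirectURL.Path = "twitchAuth"

	loginURL := url.URL{
		Scheme: "https",
		Host:   "api.twitch.tv",
		Path:   "kraken/oauth2/authorize",
	}

	values := loginURL.Query()
	values.Set("response_type", "code")
	values.Set("client_id", config.Constants.TwitchClientID)
	values.Set("redirect_uri", twitchRedirectURL.String())
	values.Set("scope", "channel_check_subscription user_subscriptions channel_subscriptions user_read")
	values.Set("state", xsrftoken.Generate(config.Constants.CookieStoreSecret, player.SteamID, "GET"))
	loginURL.RawQuery = values.Encode()

	http.Redirect(w, r, loginURL.String(), http.StatusTemporaryRedirect)
}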
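// Generate returns an XSRF token for actionID, bound to a random per-session
// seed stored in the session under CsrfSessionKey.
//
// The seed is created on first use, or replaced when the stored value is
// missing, not a string, or empty. It is 16 random bytes, base64-encoded. If
// no random seed can be produced, Generate returns "" rather than a token
// derived from an empty, guessable seed.
//
// NOTE(review): the "" return assumes the validating side rejects an empty
// token. Confirm against the matching validation code.
func (d *DefaultCSRFGenerator) Generate(actionID string) string {
	seed, ok := d.Session.Get(CsrfSessionKey).(string)
	if !d.Session.Has(CsrfSessionKey) || !ok || seed == "" {
		// gorilla/securecookie documents GenerateRandomKey as returning nil
		// on failure (assuming that is the package in use here). Encoding
		// nil would silently yield an empty seed.
		raw := securecookie.GenerateRandomKey(16)
		if len(raw) == 0 {
			return ""
		}
		seed = base64.StdEncoding.EncodeToString(raw)
		d.Session.Set(CsrfSessionKey, seed)
	}

	// Use the local seed rather than re-reading the session with a second
	// unchecked type assertion.
	return xsrftoken.Generate(d.Secret, seed, actionID)
}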
// ViewServerPage renders the serverPage template with the list of stored
// game servers and an XSRF token for the page's POST forms. Template
// execution errors are logged and not reported to the client.
//
// NOTE(review): the token is generated with the fixed user ID "admin", not
// the identity of the requesting admin, so tokens minted here are
// interchangeable between admin accounts while they remain valid. confirmReq
// in this file binds its token to admin.SteamID instead. Switching here also
// requires changing the validating side, which is not visible in this block.
func ViewServerPage(w http.ResponseWriter, r *http.Request) {
	pageData := map[string]interface{}{
		"XSRFToken": xsrftoken.Generate(config.Constants.CookieStoreSecret, "admin", "POST"),
		"Servers":   gameserver.GetAllStoredServers(),
	}

	if execErr := serverPage.Execute(w, pageData); execErr != nil {
		logrus.Error(execErr)
	}
}
// ServeAdminPage renders the adminPageTempl template with the ban and role
// form definitions and an XSRF token for the page's POST forms. Template
// execution errors are logged and not reported to the client.
//
// NOTE(review): the token is generated with the fixed user ID "admin", not
// the identity of the requesting admin, so it is not tied to one account or
// session. confirmReq in this file binds its token to admin.SteamID instead.
// Any change must be mirrored on the validating side, which is not visible
// in this block.
func ServeAdminPage(w http.ResponseWriter, r *http.Request) {
	pageData := map[string]interface{}{
		"BanForms":  banForm,
		"RoleForms": roleForm,
	}
	pageData["XSRFToken"] = xsrftoken.Generate(config.Constants.CookieStoreSecret, "admin", "POST")

	if execErr := adminPageTempl.Execute(w, pageData); execErr != nil {
		logrus.Error(execErr)
	}
}
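// confirmReq renders the admin confirmation page for the request in r.
//
// The page receives the current request URL, the given title, and an XSRF
// token bound to the SteamID of the admin found in the session and to method.
// Every failure before rendering now sends an HTTP error. Previously a
// template parse failure returned without writing a response, and a missing
// session value or failed player lookup was dereferenced unchecked.
//
// NOTE(review): this function does not check that the session's player has
// admin rights. Presumably the caller or middleware enforces that. Confirm.
// NOTE(review): r.URL.String() and title are rendered into the page. Confirm
// the imported template package is html/template so both are escaped.
func confirmReq(w http.ResponseWriter, r *http.Request, method, title string) {
	templ, err := template.ParseFiles("views/admin/templates/confirm.html")
	if err != nil {
		logrus.Error(err.Error())
		http.Error(w, "Internal server error", http.StatusInternalServerError)
		return
	}

	session, err := controllerhelpers.GetSessionHTTP(r)
	if err != nil {
		logrus.Error(err.Error())
		http.Error(w, "Invalid session", http.StatusUnauthorized)
		return
	}

	// A session without a string steam_id means nobody is logged in. The
	// unchecked assertion used before would panic here.
	steamID, ok := session.Values["steam_id"].(string)
	if !ok {
		http.Error(w, "You are not logged in.", http.StatusUnauthorized)
		return
	}

	admin, err := models.GetPlayerBySteamID(steamID)
	if err != nil {
		logrus.Error(err.Error())
		http.Error(w, "Could not load player", http.StatusInternalServerError)
		return
	}

	token := xsrftoken.Generate(config.Constants.CookieStoreSecret, admin.SteamID, method)

	pageData := struct {
		URL       string
		Title     string
		XSRFToken string
	}{r.URL.String(), title, token}

	// Part of the response may already be written, so the error is only
	// logged.
	if err := templ.Execute(w, pageData); err != nil {
		logrus.Error(err.Error())
	}
}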