func (x *Xsrf) VerifyFor(req zerver.Request) bool {
m := req.Method()
if !x.FilterGet && (m == "GET" || m == "HEAD" || m == "OPTIONS") {
return true
}
token := req.Header(_HEADER_XSRFTOKEN)
if token == "" {
token = req.Header(_HEADER_CSRFTOKEN)
if token == "" {
token = req.Param(_XSRF_PARAM_NAME)
if token == "" {
return false
}
}
}
data := x.verify(unsafe2.Bytes(token))
if data != nil {
x.Pool.Put(data)
t, ip, agent := x.TokenInfo.Unmarshal(data)
return t != -1 &&
t+x.Timeout >= time2.Now().Unix() &&
ip == req.RemoteIP() &&
agent == req.UserAgent()
}
return false
}
func (j JSONP) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
if req.Method() != "GET" {
chain(req, resp)
return
}
res, _ := req.ResourceMaster().Resource(resource.RES_JSON)
if res == nil {
resp.ReportNotAcceptable()
return
}
callback := req.Param(string(j))
if callback == "" {
resp.ReportBadRequest()
resp.Send("error", "no callback function")
return
}
resp.SetContentType(resource.RES_JSON, res)
_, err := resp.WriteString(callback)
if err != nil {
goto ERROR
}
_, err = resp.WriteString("(")
if err != nil {
goto ERROR
}
chain(req, resp)
_, err = resp.WriteString(")")
if err == nil {
return
}
ERROR:
req.Logger().Warnln(err)
}