Esempio n. 1
func New(db *database.DB,
	mailer mailer.Mailer,
	log *logrus.Logger,
	cfg *config.Config) *Server {

	secureCookieKey, _ := base64.StdEncoding.DecodeString(cfg.SecureCookieKey)

	cookie := securecookie.New(

	renderOptions := render.Options{
		IsDevelopment: cfg.IsDev(),

	renderer := render.New(renderOptions)

	feedparser := feedparser.New()

	return &Server{
		DB:         db,
		Config:     cfg,
		Log:        log,
		Render:     renderer,
		Cookie:     cookie,
		Feedparser: feedparser,
		Mailer:     mailer,
Esempio n. 2
File: main.go Progetto: leobcn/fofou
// reads the configuration file from the path specified by
// the config command line flag.
func readConfig(configFile string) error {
	b, err := ioutil.ReadFile(configFile)
	if err != nil {
		return fmt.Errorf("%s config file doesn't exist. Read for config instructions", configFile)
	err = json.Unmarshal(b, &config)
	if err != nil {
		return err
	cookieAuthKey, err = hex.DecodeString(*config.CookieAuthKeyHexStr)
	if err != nil {
		return err
	cookieEncrKey, err = hex.DecodeString(*config.CookieEncrKeyHexStr)
	if err != nil {
		return err
	secureCookie = securecookie.New(cookieAuthKey, cookieEncrKey)
	// verify auth/encr keys are correct
	val := map[string]string{
		"foo": "bar",
	_, err = secureCookie.Encode(cookieName, val)
	if err != nil {
		// for convenience, if the auth/encr keys are not set,
		// generate valid, random value for them
		fmt.Printf("CookieAuthKeyHexStr and CookieEncrKeyHexStr are invalid or missing in %q\nYou can use the following random values:\n", configFile)
		auth := securecookie.GenerateRandomKey(32)
		encr := securecookie.GenerateRandomKey(32)
		fmt.Printf("CookieAuthKeyHexStr: %s\nCookieEncrKeyHexStr: %s\n", hex.EncodeToString(auth), hex.EncodeToString(encr))
	// TODO: somehow verify twitter creds
	return err
Esempio n. 3
// InitFromMetadataOrJSON must be called before any other login methods.
// InitFromMetadataOrJSON will eventually replace all instances of Init, at
// which point it will be renamed back to Init().
// The function first tries to load the cookie salt, client id, and client
// secret from GCE project level metadata. If that fails it looks for a
// "client_secret.json" file in the current directory to extract the client id
// and client secret from. If both of those fail then it returns an error.
// The authWhiteList is the space separated list of domains and email addresses
// that are allowed to log in. The authWhiteList will be overwritten from
// GCE instance level metadata if present.
func InitFromMetadataOrJSON(redirectURL, scopes string, authWhiteList string) error {
	cookieSalt, clientID, clientSecret := tryLoadingFromMetadata()
	if clientID == "" {
		b, err := ioutil.ReadFile("client_secret.json")
		if err != nil {
			return fmt.Errorf("Failed to read from metadata and from client_secret.json file: %s", err)
		config, err := google.ConfigFromJSON(b)
		if err != nil {
			return fmt.Errorf("Failed to read from metadata and decode client_secret.json file: %s", err)
		clientID = config.ClientID
		clientSecret = config.ClientSecret
	secureCookie = securecookie.New([]byte(cookieSalt), nil)
	oauthConfig.ClientId = clientID
	oauthConfig.ClientSecret = clientSecret
	oauthConfig.RedirectURL = redirectURL
	oauthConfig.Scope = scopes
	// We allow for meta data to not be present.
	whiteList, err := metadata.Get(metadata.AUTH_WHITE_LIST)
	if err != nil {
		glog.Infof("Failed to retrieve auth whitelist from instance meta data: %s", err)
	} else {
		authWhiteList = whiteList
	activeDomainWhiteList, activeEmailWhiteList = splitAuthWhiteList(authWhiteList)
	return nil
Esempio n. 4
// AuthHandler allows to get admin web interface token.
func (app *Application) AuthHandler(w http.ResponseWriter, r *http.Request) {
	password := r.FormValue("password")
	if app.config.WebPassword == "" || app.config.WebSecret == "" {
		logger.ERROR.Println("web_password and web_secret must be set in configuration")
		http.Error(w, "Bad Request", http.StatusBadRequest)
	if password == app.config.WebPassword {
		w.Header().Set("Content-Type", "application/json")
		s := securecookie.New([]byte(app.config.WebSecret), nil)
		token, err := s.Encode(AuthTokenKey, AuthTokenValue)
		if err != nil {
			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		resp := map[string]string{
			"token": token,
	http.Error(w, "Bad Request", http.StatusBadRequest)
Esempio n. 5
func (a *App) Parse(filepath string) {
	var (
		hashkey  []byte
		blockkey []byte
	file, err := ioutil.ReadFile(filepath)
	if err != nil {
		log.Fatal("Could not parse config.json: ", err)
	if err := json.Unmarshal(file, a); err != nil {
		log.Fatal("Error parsing config.json: ", err)
	if a.Hashkey == "" {
		hashkey = securecookie.GenerateRandomKey(16)
	} else {
		hashkey = []byte(a.Hashkey)
	if a.Blockkey == "" {
		blockkey = securecookie.GenerateRandomKey(16)
	} else {
		blockkey = []byte(a.Blockkey)
	a.Scook = securecookie.New(hashkey, blockkey)
	a.Templates = template.Must(template.ParseGlob("./static/views/*"))
Esempio n. 6
func NewServer(name string, middlewares ...echo.Middleware) (s *Server) {
	s = &Server{
		Name:               name,
		Apps:               make(map[string]*App),
		apps:               make(map[string]*App),
		DefaultMiddlewares: []echo.Middleware{webxHeader(), mw.Log(), mw.Recover()},
		TemplateDir:        `template`,
		Url:                `/`,
		MaxUploadSize:      10 * 1024 * 1024,
		CookiePrefix:       "webx_" + name + "_",
		CookieHttpOnly:     true,
	s.InitContext = func(e *echo.Echo) interface{} {
		return NewContext(s, echo.NewContext(nil, nil, e))

	s.CookieAuthKey = string(codec.GenerateRandomKey(32))
	s.CookieBlockKey = string(codec.GenerateRandomKey(32))
	s.SessionStoreEngine = `cookie`
	s.SessionStoreConfig = s.CookieAuthKey
	s.Codec = codec.New([]byte(s.CookieAuthKey), []byte(s.CookieBlockKey))
	s.Core = echo.NewWithContext(s.InitContext)
	s.URL = NewURL(name, s)
	servs.Set(name, s)
Esempio n. 7
// reads the configuration file from the path specified by
// the config command line flag.
func readConfig(configFile string) error {
	b, err := ioutil.ReadFile(configFile)
	if err != nil {
		return err
	err = json.Unmarshal(b, &config)
	if err != nil {
		return err
	cookieAuthKey, err = hex.DecodeString(*config.CookieAuthKeyHexStr)
	if err != nil {
		return err
	cookieEncrKey, err = hex.DecodeString(*config.CookieEncrKeyHexStr)
	if err != nil {
		return err
	secureCookie = securecookie.New(cookieAuthKey, cookieEncrKey)
	// verify auth/encr keys are correct
	val := map[string]string{
		"foo": "bar",
	_, err = secureCookie.Encode(cookieName, val)
	if err != nil {
		// for convenience, if the auth/encr keys are not set,
		// generate valid, random value for them
		auth := securecookie.GenerateRandomKey(32)
		encr := securecookie.GenerateRandomKey(32)
		fmt.Printf("auth: %s\nencr: %s\n", hex.EncodeToString(auth), hex.EncodeToString(encr))
	// TODO: somehow verify twitter creds
	return err
Esempio n. 8
// handles the login process
// the first param is a map of strings that will be added to the cookie data before encryption and will be
// able to be recovered when Check() is called
func Login(ctx *gin.Context, extra map[string]string) error {

	data := make(map[string]string)

	for key, value := range extra {

		if key == "ip" || key == "hash" || key == "experation" {
			return errors.New("The key '" + key + "' is reserved.")

		data[key] = value

	// our current time + our expiration time, converted to a unix time stamp
	data["expiration"] = strconv.FormatInt(time.Now().Add(time.Duration(Expiration)*time.Second).Unix(), 10)
	data["ip"] = ip(ctx)
	data["hash"] = hashHeader(ctx)

	// encode our cookie data securely
	SecureCookie = securecookie.New(HashKey, BlockKey)
	if encoded, err := SecureCookie.Encode(CookieName, data); err == nil {

		//set our cookie
		cookie := http.Cookie{Name: CookieName, Value: encoded, Path: "/", MaxAge: int(Expiration)}
		http.SetCookie(ctx.Writer, &cookie)

	} else {
		return err

	return nil
Esempio n. 9
func generateCookie() *securecookie.SecureCookie {
	// Generates SecureCookie type object and returns a pointer to it.
	// It is used to Encode/Decode plain data to/from a cookie.

	S := securecookie.New([]byte(config.Config.Secret1), []byte(config.Config.Secret2))
	return S
Esempio n. 10
File: routes.go Progetto: astub/pfm
func NewRouter(db DataHandler) *mux.Router {

	fe := FrontEnd{DataHandler: db}
	fe.CookieHandler = securecookie.New(securecookie.GenerateRandomKey(64), securecookie.GenerateRandomKey(32))
	fe.CacheOld = true

	var routes = Routes{
		Route{"Index", "GET", "/", Index},
		Route{"EventNews", "GET", "/eventnews", EventNewsPage},
		Route{"Media", "GET", "/media", MediaPage},
		Route{"ExhibitsPage", "GET", "/exhibits", ExhibitsPage},
		Route{"Resources", "GET", "/resourcesqq", Resources},
		Route{"InfoPage", "GET", "/info", InfoPage},

		Route{"GetPosts", "GET", "/get_posts", fe.GetPosts},
		Route{"ShowPost", "GET", "/post/{id}", fe.ShowPost},

		Route{"ImgUpload", "POST", "/upload_img", ImgUpload},
		Route{"AddPost", "POST", "/new_post", fe.NewPost},
		Route{"UpdatePost", "POST", "/update_post", fe.UpdatePost},
		Route{"DeletePost", "POST", "/delete_postqq/{id}", fe.DeletePost},

	router := mux.NewRouter().StrictSlash(true)

	for _, route := range routes {

	return router

Esempio n. 11
func init() {
	//configs = my_local.Load_config(filepath.Join(getCurrentDir(), "config.json"))
	configs = my_config.Load_config("./config.json")
	//cookieHandler = securecookie.New(
	//	securecookie.GenerateRandomKey(32),
	//	securecookie.GenerateRandomKey(32))
	cookieHandler = securecookie.New(
	CSRF = csrf.Protect([]byte(configs.CsrfAuthKey), csrf.Secure(false))
	// First we create a FuncMap with which to register the function.
	funcMap = template.FuncMap{
		// The name "title" is what the function will be called in the template text.
		"trim":  strings.TrimSpace,
		"lower": strings.ToLower,
		"upper": strings.ToUpper,
		"safehtml": func(text string) template.HTML {
			return template.HTML(text)
	g_templates = make(myTemplates)
	fmt.Printf("%v\n", g_templates)
	r = gin.New()
Esempio n. 12
func main() {
	log.Println("Starting Server")
	log.Println("Starting mongo db session")
	session, err := mgo.Dial("localhost")
	if err != nil {
	defer session.Close()
	// Optional. Switch the session to a monotonic behavior.
	session.SetMode(mgo.Monotonic, true)
	finalFormsCollection = session.DB("irsForms").C("finalForms")
	draftFormsCollection = session.DB("irsForms").C("draftForms")
	userCollection = session.DB("irsForms").C("users")
	hashKey = []byte(securecookie.GenerateRandomKey(32))
	blockKey = []byte(securecookie.GenerateRandomKey(32))
	secureCookieInstance = securecookie.New(hashKey, blockKey)

	r := mux.NewRouter()
	r.HandleFunc("/register", RegisterHandler)
	r.HandleFunc("/sockets", SocketsHandler)
	r.HandleFunc("/links", getLinksHandler).Methods("GET")
	r.HandleFunc("/updateLinks", UpdateLinksHandler).Methods("POST")
	r.HandleFunc("/draft_forms", DraftFormsHandler).Methods("GET")
	r.HandleFunc("/update_draft_forms", UpdateDraftFormsHandler).Methods("POST")
	r.HandleFunc("/form_report_items", createFormReportHandler).Methods("GET")
	r.HandleFunc("/draft_form_report_items", createDraftFormReportHandler).Methods("GET")
	http.Handle("/", r)

	log.Println("Listening on 8080")
	http.ListenAndServe(":8080", nil)
Esempio n. 13
// checkAuthToken checks admin connection token which Centrifugo returns after admin login
func (app *Application) checkAuthToken(token string) error {

	secret := app.config.WebSecret

	if secret == "" {
		logger.ERROR.Println("provide web_secret in configuration")
		return ErrUnauthorized

	if token == "" {
		return ErrUnauthorized

	s := securecookie.New([]byte(secret), nil)
	var val string
	err := s.Decode(AuthTokenKey, token, &val)
	if err != nil {
		return ErrUnauthorized

	if val != AuthTokenValue {
		return ErrUnauthorized
	return nil
Esempio n. 14
func init() {
	hashKey = []byte(os.Getenv("HASHKEY"))
	if bKey := os.Getenv("BLOCKKEY"); bKey != "" {
		blockKey = []byte(bKey)
	sCookie = securecookie.New(hashKey, blockKey)
Esempio n. 15
func InitServer(r *mux.Router) {

	s := &Server{securecookie.New([]byte("MiaMySuperSecret"), []byte("MiaMySuperSecret"))}

	r.HandleFunc("/login", s.handleLogin)

Esempio n. 16
func NewUserCookieCodec(hashKey string, blockKey string) *securecookie.SecureCookie {
	return securecookie.New(
Esempio n. 17
// Sign the specified cookie's value
func signCookie(ck *http.Cookie, secret string) error {
	sck := securecookie.New([]byte(secret), nil)
	enc, err := sck.Encode(ck.Name, ck.Value)
	if err != nil {
		return err
	ck.Value = enc
	return nil
Esempio n. 18
// DecodeState decodes the oauth2 transfer state encoded with EncodeState.
func (p Provider) DecodeState(data string) (map[string]string, error) {
	sc := securecookie.New(p.Secret, p.BlockSecret)

	state := make(map[string]string)
	err := sc.Decode(p.SessionKey, data, &state)

	return state, err
Esempio n. 19
// Parse a signed cookie and return the cookie value
func parseSignedCookie(ck *http.Cookie, secret string) (string, error) {
	var val string

	sck := securecookie.New([]byte(secret), nil)
	err := sck.Decode(ck.Name, ck.Value, &val)
	if err != nil {
		return "", err
	return val, nil
Esempio n. 20
// Protect is HTTP middleware that provides Cross-Site Request Forgery
// protection.
// It securely generates a masked (unique-per-request) token that
// can be embedded in the HTTP response (e.g. form field or HTTP header).
// The original (unmasked) token is stored in the session, which is inaccessible
// by an attacker (provided you are using HTTPS). Subsequent requests are
// expected to include this token, which is compared against the session token.
// Requests that do not provide a matching token are served with a HTTP 403
// 'Forbidden' error response.
// Example:
//	package main
//	import (
//	    ""
//	    ""
//	)
//	func main() {
//	    // Add the middleware to your router.
//	    goji.Use(csrf.Protect([]byte("32-byte-long-auth-key")))
//	    goji.Get("/signup", GetSignupForm)
//	    // POST requests without a valid token will return a HTTP 403 Forbidden.
//	    goji.Post("/signup/post", PostSignupForm)
//	    goji.Serve()
//	}
//	func GetSignupForm(c web.C, w http.ResponseWriter, r *http.Request) {
//	    // signup_form.tmpl just needs a {{ .csrfField }} template tag for
//	    // csrf.TemplateField to inject the CSRF token into. Easy!
//	    t.ExecuteTemplate(w, "signup_form.tmpl", map[string]interface{
//	        csrf.TemplateTag: csrf.TemplateField(c, r),
//	    })
//	    // We could also retrieve the token directly from csrf.Token(c, r) and
//	    // set it in the request header - w.Header.Set("X-CSRF-Token", token)
//	    // This is useful if your sending JSON to clients or a front-end JavaScript
//	    // framework.
//	}
func Protect(authKey []byte, opts ...Option) func(*web.C, http.Handler) http.Handler {
	return func(c *web.C, h http.Handler) http.Handler {
		cs := parseOptions(h, opts...)

		// Set the defaults if no options have been specified
		if cs.opts.ErrorHandler == nil {
			cs.opts.ErrorHandler = web.HandlerFunc(unauthorizedHandler)

		if cs.opts.MaxAge < 1 {
			// Default of 12 hours
			cs.opts.MaxAge = 3600 * 12

		if cs.opts.FieldName == "" {
			cs.opts.FieldName = fieldName

		if cs.opts.CookieName == "" {
			cs.opts.CookieName = cookieName

		if cs.opts.RequestHeader == "" {
			cs.opts.RequestHeader = headerName

		// Create an authenticated securecookie instance.
		if == nil { = securecookie.New(authKey, nil)
			// Use JSON serialization (faster than one-off gob encoding){})
			// Set the MaxAge of the underlying securecookie.

		if == nil {
			// Default to the cookieStore = &cookieStore{
				name:     cs.opts.CookieName,
				maxAge:   cs.opts.MaxAge,
				secure:   cs.opts.Secure,
				httpOnly: cs.opts.HttpOnly,
				path:     cs.opts.Path,
				domain:   cs.opts.Domain,

		// Initialize Goji's request context
		cs.c = c

		return *cs
Esempio n. 21
func encodeBadState(p *Provider, state map[string]string, t *testing.T) string {
	sc := securecookie.New([]byte(p.Secret), []byte(p.BlockSecret))

	s, err := sc.Encode(p.SessionKey, state)
	if err != nil {
		t.Error("encodeBadState should not error")

	return s
Esempio n. 22
func (c *Context) GetAuthInfo(r *http.Request) (*UserData, error) {
	if c.cookieCodec == nil {
		c.cookieCodec = securecookie.New(c.SecureKey, nil)
	var uid int64
	if cookie, err := r.Cookie("uid"); err == nil {
		if err = c.cookieCodec.Decode("uid", cookie.Value, &uid); err == nil {
			return c.GetUserFull(uid)
	return nil, ErrUserNotExist
Esempio n. 23
func createCookie() *http.Cookie {
	hashKey := securecookie.GenerateRandomKey(32)
	s := securecookie.New(hashKey, blockKey)
	sessionID, _ := uuid.NewV4()
	log.Println("UUID: ", sessionID)
	encoded, _ := s.Encode("sessionID", sessionID)
	cookie := &http.Cookie{
		Name:  "sessionID",
		Value: encoded,
	return cookie
Esempio n. 24
func Write(w http.ResponseWriter, c *Cookie) {
	s := securecookie.New(HashKey, BlockKey)
	if encoded, err := s.Encode(c.Name, c.Values); err == nil {
		cookie := &http.Cookie{
			Name:  c.Name,
			Value: encoded,
			Path:  c.Path,

		http.SetCookie(w, cookie)
Esempio n. 25
// EncodeState returns an encoded (and secure) oauth2 transfer state for the
// provided session id, named provider, and specified resource.
func (p Provider) EncodeState(sessionID, provName, resource string) (string, error) {
	sc := securecookie.New(p.Secret, p.BlockSecret)

	state := map[string]string{
		"sid":      sessionID,
		"provider": provName,
		"resource": resource,

	return sc.Encode(p.SessionKey, state)
Esempio n. 26
File: auth.go Progetto: oesmith/agr
func newAuthWithKeys(db db.DB, cookieKey []byte, passwordSalt []byte) *Auth {
	if len(cookieKey) != 64 {
		panic("Cookie key should be 64 bytes long")
	a := &Auth{
		db:           db,
		passwordSalt: passwordSalt,
		secureCookie: securecookie.New(cookieKey, nil),
	a.PingHandler = a.RequireUser(http.HandlerFunc(a.pingHandler))
	return a
Esempio n. 27
func init() {
	// Register the custom type to gob.

	bitmonster.OnInit(func() {
		// Create a new secure cookie object with the cookie keys
		secureCookie = securecookie.New([]byte(settings.Settings.AuthHashKey), []byte(settings.Settings.AuthBlockKey))

		// Set the max age in seconds
Esempio n. 28
func NewTickets(sessionSecret, encryptionSecret []byte, realm string) Tickets {
	tickets := &tickets{
		fmt.Sprintf("token@%s", realm),
	tickets.SecureCookie = securecookie.New(sessionSecret, encryptionSecret)
	tickets.MaxAge(86400 * 30) // 30 days

	return tickets
Esempio n. 29
File: cookie.go Progetto: qorio/omni
func NewSecureCookie(hmacKey []byte, optionalEncryptionKey []byte) (sc *SecureCookie, err error) {
	if hmacKey == nil {
		return nil, errors.New("requires hmac key")

	var ec []byte = nil
	if optionalEncryptionKey != nil && len(optionalEncryptionKey) > 0 {
		ec = optionalEncryptionKey
	return &SecureCookie{
		hmacKey:      hmacKey,
		encryptKey:   ec,
		secureCookie: securecookie.New(hmacKey, ec)}, nil
Esempio n. 30
func Read(r *http.Request, name string) (*Cookie, error) {
	s := securecookie.New(HashKey, BlockKey)
	cookie, err := r.Cookie(name)
	if err != nil {
		return nil, err

	values := CookieValues{}
	err = s.Decode(name, cookie.Value, &values)
	if err != nil {
		return nil, err

	return &Cookie{Name: cookie.Name, Path: cookie.Path, Values: values}, nil