/
cookies.go
95 lines (74 loc) · 2.07 KB
/
cookies.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
package main
import "crypto/hmac"
import "encoding/base64"
import "time"
import "http"
import "bytes"
import "strings"
import "fmt"
import "strconv"
import "io/ioutil"
func ParseCookies(req *http.Request) (jar map[string]string) {
jar = make(map[string]string)
if v, ok := req.Header["Cookie"]; ok {
cookies := strings.Split(v, ";", -1)
var seg []string
for _, cookie := range cookies {
cookie = strings.TrimSpace(cookie)
if seg = strings.Split(cookie, "=", 2); len(seg) < 2 {
continue
}
jar[seg[0]] = seg[1]
}
}
return
}
func SetSecureCookie(rw http.ResponseWriter, name, val, path string, timeout int64) {
var buf bytes.Buffer
e := base64.NewEncoder(base64.StdEncoding, &buf)
e.Write([]byte(val))
e.Close()
ts := strconv.Itoa64(time.Seconds())
data := strings.Join([]string{buf.String(), ts, getCookieSig(buf.Bytes(), ts)}, "|")
var cookie string
// Timeout of -1 is a special case that omits the entire 'expires' bit.
// This is used for cookies which expire as soon as a user's session ends.
if timeout != -1 {
t := time.UTC()
t = time.SecondsToUTC(t.Seconds() + timeout)
ts = t.Format(time.RFC1123)
ts = ts[0:len(ts)-3] + "GMT"
cookie = fmt.Sprintf("%s=%s; expires=%s; path=%s", name, data, ts, path)
} else {
cookie = fmt.Sprintf("%s=%s; path=%s", name, data, path)
}
if context.Config().Secure {
cookie += "; secure"
}
rw.SetHeader("Set-Cookie", cookie)
}
func GetSecureCookie(jar map[string]string, name string) string {
var cookie string
var ok bool
if cookie, ok = jar[name]; !ok {
return ""
}
parts := strings.Split(cookie, "|", 3)
if getCookieSig([]byte(parts[0]), parts[1]) != parts[2] {
return ""
}
ts, _ := strconv.Atoi64(parts[1])
if time.Seconds()-2678400 > ts {
return ""
}
buf := bytes.NewBufferString(parts[0])
e := base64.NewDecoder(base64.StdEncoding, buf)
d, _ := ioutil.ReadAll(e)
return string(d)
}
func getCookieSig(val []byte, timestamp string) string {
hm := hmac.NewSHA1([]byte(context.Config().CookieSalt))
hm.Write(val)
hm.Write([]byte(timestamp))
return fmt.Sprintf("%02x", hm.Sum())
}