func TokenGet(c context.Context, w http.ResponseWriter, r *http.Request, u *User, g *goon.Goon) (interface{}, error) { if !validCSRF(r.FormValue("csrf"), u) { return nil, errCSRF } redir, err := url.Parse(r.FormValue("redirect")) if err != nil { return nil, err } uk, err := g.KeyError(u) if err != nil { return nil, err } b := make([]byte, 64) if _, err := rand.Read(b); err != nil { return nil, err } token := &Token{ ID: base64.URLEncoding.EncodeToString(b), User: uk, Name: r.FormValue("hostname"), Issued: time.Now(), } if _, err := g.Put(token); err != nil { return nil, err } values := redir.Query() values.Add("token", token.ID) redir.RawQuery = values.Encode() http.Redirect(w, r, redir.String(), 302) return nil, nil }