Exemplo n.º 1
0
func (ri *RequestId) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	if req.Method() == "GET" {
		chain(req, resp)
		return
	}

	reqId := req.Header(ri.HeaderName)
	if reqId == "" {
		if ri.PassingOnNoId {
			chain(req, resp)
		} else {
			resp.ReportBadRequest()
			resp.Send("error", ri.Error)
		}
	} else {
		id := req.RemoteIP() + ":" + reqId
		if err := ri.Store.Save(id); err == ErrRequestIDExist {
			resp.ReportForbidden()
			resp.Send("error", ri.ErrorOverlap)
		} else if err != nil {
			ri.logger.Warnln(err)
		} else {
			chain(req, resp)
			ri.Store.Remove(id)
		}
	}
}
Exemplo n.º 2
0
func (x *Xsrf) VerifyFor(req zerver.Request) bool {
	m := req.Method()
	if !x.FilterGet && (m == "GET" || m == "HEAD" || m == "OPTIONS") {
		return true
	}

	token := req.Header(_HEADER_XSRFTOKEN)
	if token == "" {
		token = req.Header(_HEADER_CSRFTOKEN)
		if token == "" {
			token = req.Param(_XSRF_PARAM_NAME)
			if token == "" {
				return false
			}
		}
	}

	data := x.verify(unsafe2.Bytes(token))
	if data != nil {
		x.Pool.Put(data)
		t, ip, agent := x.TokenInfo.Unmarshal(data)
		return t != -1 &&
			t+x.Timeout >= time2.Now().Unix() &&
			ip == req.RemoteIP() &&
			agent == req.UserAgent()
	}

	return false
}
Exemplo n.º 3
0
func (c *CORS) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	reqMethod := req.Header(_CORS_REQUESTMETHOD)
	reqHeaders := req.Header(_CORS_REQUESTHEADERS)

	if req.Method() == "OPTIONS" && (reqMethod != "" || reqHeaders != "") {
		c.preflight(req, resp, reqMethod, reqHeaders)
	} else {
		c.filter(req, resp, chain)
	}
}
Exemplo n.º 4
0
// Create xsrf token, used as zerver.HandleFunc
func (x *Xsrf) Create(req zerver.Request, resp zerver.Response) {
	tokBytes, err := x.CreateFor(req)
	if err == nil {
		resp.ReportServiceUnavailable()
		return
	}

	if req.Method() == "POST" {
		resp.ReportCreated()
	}

	defer x.Pool.Put(tokBytes)
	x.logger.Warnln(resp.Send("tokBytes", tokBytes))
}
Exemplo n.º 5
0
func (l *Log) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	if l.CountTime {
		nano := time.Now().UnixNano()

		chain(req, resp)
		nano = time.Now().UnixNano() - nano
		l.logger.Infoln(
			time2.ToHuman(nano),
			resp.Status(),
			req.Method(),
			req.URL().Path,
			req.RemoteIP(),
			req.UserAgent())
	} else {
		chain(req, resp)
		l.logger.Infoln(
			resp.Status(),
			req.Method(),
			req.URL().Path,
			req.RemoteIP(),
			req.UserAgent())
	}
}
Exemplo n.º 6
0
func (l *Log) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	if l.CountTime {
		now := time2.Now()

		chain(req, resp)
		cost := time2.Now().Sub(now)
		l.logger.Infoln(
			cost.String(),
			resp.Status(),
			req.Method(),
			req.URL().Path,
			req.RemoteIP(),
			req.UserAgent())
	} else {
		chain(req, resp)
		l.logger.Infoln(
			resp.Status(),
			req.Method(),
			req.URL().Path,
			req.RemoteIP(),
			req.UserAgent())
	}
}
Exemplo n.º 7
0
func (j JSONP) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	if req.Method() != "GET" {
		chain(req, resp)
		return
	}

	res, _ := req.ResourceMaster().Resource(resource.RES_JSON)
	if res == nil {
		resp.ReportNotAcceptable()
		return
	}

	callback := req.Param(string(j))
	if callback == "" {
		resp.ReportBadRequest()
		resp.Send("error", "no callback function")
		return
	}

	resp.SetContentType(resource.RES_JSON, res)
	_, err := resp.WriteString(callback)
	if err != nil {
		goto ERROR
	}
	_, err = resp.WriteString("(")
	if err != nil {
		goto ERROR
	}
	chain(req, resp)
	_, err = resp.WriteString(")")
	if err == nil {
		return
	}
ERROR:
	req.Logger().Warnln(err)
}