func LoggedIn(w http.ResponseWriter, r *http.Request, s *securecookie.SecureCookie) bool {
if cookie, err := r.Cookie("whiteboard"); err == nil {
value := make(map[string]string)
if err = s.Decode("whiteboard", cookie.Value, &value); err == nil {
return true
}
return false
}
return false
}
func FetchCookie(r *http.Request, storedCookie *securecookie.SecureCookie, cookieName string) string {
if cookie, err := r.Cookie(cookieName); err == nil {
value := make(map[string]string)
if cookie != nil {
err = storedCookie.Decode(cookieName, cookie.Value, &value)
if len(value[cookieName]) > 0 && err == nil {
return value[cookieName]
}
}
}
return ""
}
func VerifyXSRFToken(w http.ResponseWriter, r *http.Request, sessionStore sessions.Store, secureCookie *securecookie.SecureCookie) bool {
xsrftoken := r.Header.Get(XSRFTOKENHEADER)
userID := ""
err := secureCookie.Decode(XSRFTOKEN, xsrftoken, &userID)
if err == nil {
session, _ := sessionStore.Get(r, SESSIONNAME)
if userID != "" && userID == session.Values["username"].(string) {
xlog.Infof("XSRF verification success for user %s", session.Values["username"].(string))
return true
}
xlog.Errorf("XSRF issue: userID = %s session = %s", userID, session.Values["username"].(string))
}
xlog.Errorf("XSRF verification failed: %v (Request: %#v", err, *r)
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
StatCount("XSRF verification failed", 1)
return false
}
