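// main wires the cookie-backed session store and the CSRF-protecting handler
// chain, then serves it over plain HTTP on :8080.
func main() {
	// Create cookie store.
	// NOTE(review): the signing key is a literal in source, so anyone with the
	// binary or the repository can mint valid session cookies; load it from
	// configuration in anything beyond a local demo.
	Store = sessions.NewCookieStore([]byte("This is super screen..."))
	Store.Options = &sessions.Options{
		//Domain: "localhost", // Chrome doesn't work with localhost domain
		Path:     "/",
		MaxAge:   3600 * 8, // 8 hours
		HttpOnly: true,
		// Secure is left unset because this server listens on plain HTTP;
		// set it once the app is served over TLS.
	}

	// Default handler
	h := http.HandlerFunc(routeLogin)

	// Prevents CSRF
	cs := csrfbanana.New(h, Store, SessionName)

	// Set error page for CSRF
	cs.FailureHandler(http.HandlerFunc(routeInvalidToken))

	// Generate a new token after each check (also prevents double submits)
	cs.ClearAfterUsage(true)

	// Exclude /static/ from tokens (even though we don't have a static file handler...)
	cs.ExcludeRegexPaths([]string{"/static(.*)"})

	// Optional - set the token length
	csrfbanana.TokenLength = 32

	// Optional - set the token name used in the forms
	csrfbanana.TokenName = "token"

	// One constant for both the banner and the bind address, so the printed
	// URL cannot drift from the port actually served (it previously said :80).
	const addr = ":8080"
	fmt.Printf("Listening on http://localhost%s/\n", addr)

	// ListenAndServe only returns on failure; report it rather than exiting
	// silently with status 0.
	if err := http.ListenAndServe(addr, cs); err != nil {
		fmt.Println("server stopped:", err)
	}
}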
// middleware wraps h with, from innermost to outermost: CSRF/double-submit
// protection (csrfbanana), per-request logging, and the Gorilla context
// clear handler.
func middleware(h http.Handler) http.Handler {
	// CSRF and double-submit protection sits closest to the application handler.
	csrf := csrfbanana.New(h, session.Store, session.Name)
	csrf.FailureHandler(http.HandlerFunc(controller.InvalidToken))
	csrf.ClearAfterUsage(true)
	csrf.ExcludeRegexPaths([]string{"/static(.*)"})

	// TokenLength and TokenName are package-level settings in csrfbanana, so
	// these assignments affect every csrfbanana handler, not only csrf.
	csrfbanana.TokenLength = 32
	csrfbanana.TokenName = "token"

	// Request logging wraps the CSRF handler.
	logged := logrequest.Handler(csrf)

	// Outermost layer: Gorilla context clear handler.
	return context.ClearHandler(logged)
}