// AddSignedCookie adds the specified cookie to the response and also adds an
// additional 'signed' cookie that is used to validate the cookies value when
// SignedCookie is called.
func (c *Context) AddSignedCookie(cookie *http.Cookie) (*http.Cookie, error) {
// make the signed cookie
signedCookie := new(http.Cookie)
// copy the cookie settings
signedCookie.Path = cookie.Path
signedCookie.Domain = cookie.Domain
signedCookie.RawExpires = cookie.RawExpires
signedCookie.Expires = cookie.Expires
signedCookie.MaxAge = cookie.MaxAge
signedCookie.Secure = cookie.Secure
signedCookie.HttpOnly = cookie.HttpOnly
signedCookie.Raw = cookie.Raw
// set the signed cookie specifics
signedCookie.Name = toSignedCookieName(cookie.Name)
signedCookie.Value = Hash(cookie.Value)
// add the cookies
http.SetCookie(c.ResponseWriter, cookie)
http.SetCookie(c.ResponseWriter, signedCookie)
// return the new signed cookie (and no error)
return signedCookie, nil
}
// parse parses a Set-Cookie header into a cookie.
// It supports space in name unlike net/http.
// Returns nil if invalid.
func parse(s string) *http.Cookie {
var c http.Cookie
for i, field := range strings.Split(s, ";") {
if len(field) == 0 {
continue
}
nv := strings.SplitN(field, "=", 2)
name := strings.TrimSpace(nv[0])
value := ""
if len(nv) > 1 {
value = strings.TrimSpace(nv[1])
}
if i == 0 {
if len(nv) != 2 {
continue
}
c.Name = name
c.Value = value
continue
}
switch strings.ToLower(name) {
case "secure":
c.Secure = true
case "httponly":
c.HttpOnly = true
case "domain":
c.Domain = value
case "max-age":
secs, err := strconv.Atoi(value)
if err != nil || secs != 0 && value[0] == '0' {
continue
}
if secs <= 0 {
c.MaxAge = -1
} else {
c.MaxAge = secs
}
case "expires":
exptime, err := time.Parse(time.RFC1123, value)
if err != nil {
exptime, err = time.Parse("Mon, 02-Jan-2006 15:04:05 MST", value)
if err != nil {
c.Expires = time.Time{}
continue
}
}
c.Expires = exptime.UTC()
case "path":
c.Path = value
}
}
if c.Name == "" {
return nil
}
return &c
}
func (this *homeController) login(w http.ResponseWriter, req *http.Request) {
responseWriter := util.GetResponseWriter(w, req)
defer responseWriter.Close()
responseWriter.Header().Add("Content-Type", "text/html")
vm := viewmodels.GetLogin()
if req.FormValue("submit") == "signup" {
http.Redirect(w, req, "/signup", http.StatusFound)
} else {
if req.Method == "POST" {
email := req.FormValue("email")
password := req.FormValue("password")
member, err := models.GetMember(email, password)
if err == nil {
session, err := models.CreateSession(member)
if err == nil {
var cookie http.Cookie
cookie.Name = "goSessionId"
cookie.Expires = time.Now().Add(10 * time.Minute)
cookie.Value = strconv.Itoa(session.MemberId())
responseWriter.Header().Add("Set-Cookie", cookie.String())
var cookie2 http.Cookie
cookie2.Name = "loggedName"
cookie2.Expires = time.Now().Add(10 * time.Minute)
cookie2.Value = member.FirstName()
responseWriter.Header().Add("Set-Cookie", cookie2.String())
}
vmh := viewmodels.GetHome()
vmh.LoggedIn = true
vmh.LoggedName = member.FirstName()
this.template.Execute(responseWriter, vmh)
} else {
this.loginTemplate.Execute(responseWriter, vm)
}
} else {
this.loginTemplate.Execute(responseWriter, vm)
}
}
}
func CreateCookie(u string, db *sql.DB, persistent bool, app bool) (http.Cookie, error) {
alphaNum := []byte("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuv")
randValue := ""
for i := 0; i < 32; i++ {
num, err := RandKey(58)
if err != nil {
return http.Cookie{}, err
}
randValue = randValue + string(alphaNum[num])
}
authCookie := http.Cookie{
Name: "5sur",
Value: randValue,
Path: "/",
Domain: "5sur.com", // Add domain name in the future
Secure: true, // SSL only
HttpOnly: true, // HTTP(S) only
}
if persistent {
authCookie.Expires = time.Now().AddDate(0, 1, 0) // One month from now
} else {
// Session cookie
}
err := updateSession(randValue, u, db, app)
if err != nil {
return http.Cookie{}, err
}
return authCookie, nil
}
// Answers to /sso, returns the SSO cookie and redirects to /startpage
func handler(w http.ResponseWriter, r *http.Request) {
re := regexp.MustCompile("CN=([ 0-9A-Za-z_]+)")
user := r.Header.Get("Certificate-User")
if user == "" {
log.Panicf("Did not get user!")
}
match := re.FindStringSubmatch(user)
if len(match) != 2 {
log.Panicf("No CN found!")
}
cn := match[1]
sessionid := getSessionID(cn, r.Header.Get("X-Forwarded-For"))
token := generate_session_token(sessionid, cn)
signature := sign_session_token(token)
cookie := http.Cookie{}
cookie.Name = "PLAY_SESSION"
cookie.Value = signature + "-" + token
cookie.Path = "/"
cookie.Domain = external_host
cookie.Expires = time.Now().Add(356 * 24 * time.Hour)
cookie.HttpOnly = true
http.SetCookie(w, &cookie)
http.Redirect(w, r, "/startpage", http.StatusFound)
}
func (ss signedCookieSessionHandler) writeToResponse(s SignedCookieSession, resp goanna.Response) {
bytes, err := s.sessionData.Unmarshal()
if err != nil {
log.Println(err.Error())
}
cookie := http.Cookie{
Name: ss.CookieName,
Value: base64.URLEncoding.EncodeToString(bytes),
HttpOnly: true,
Secure: ss.Secure,
Path: "/",
}
ss.CookieSigner.EncodeCookie(&cookie)
maxage := int(s.MaxAge() / time.Second)
if maxage != 0 {
if s.preferExpires {
cookie.Expires = time.Now().Add(s.MaxAge())
} else {
cookie.MaxAge = maxage
}
}
resp.SetCookie(cookie)
}
func (this *homeController) signup(w http.ResponseWriter, req *http.Request) {
responseWriter := util.GetResponseWriter(w, req)
defer responseWriter.Close()
responseWriter.Header().Add("Content-Type", "text/html")
if req.Method == "POST" {
firstName := req.FormValue("firstName")
email := req.FormValue("email")
password := req.FormValue("password")
err := models.InsertMember(firstName, email, password)
if err == nil {
member, _ := models.GetMember(email, password)
member, errr := models.GetMember(email, password)
if errr == nil {
session, err := models.CreateSession(member)
if err == nil {
var cookie http.Cookie
cookie.Name = "goSessionId"
cookie.Expires = time.Now().Add(10 * time.Minute)
cookie.Value = strconv.Itoa(session.MemberId())
responseWriter.Header().Add("Set-Cookie", cookie.String())
var cookie2 http.Cookie
cookie2.Name = "loggedName"
cookie2.Expires = time.Now().Add(10 * time.Minute)
cookie2.Value = member.FirstName()
responseWriter.Header().Add("Set-Cookie", cookie2.String())
}
http.Redirect(w, req, "/home", http.StatusFound)
}
}
}
vm := viewmodels.GetSignup()
this.signupTemplate.Execute(responseWriter, vm)
}
func SetCookieVal(w http.ResponseWriter, name string, value string, path string) {
var C http.Cookie
C.Name = name
C.Value = value
C.Path = path
C.Expires = time.Now().AddDate(0, 1, 0)
http.SetCookie(w, &C)
}
func (r *OkResponse) ClearCookie(name string) {
c := http.Cookie{}
c.Name = name
c.Value = "none"
c.MaxAge = -1
c.Expires = time.Unix(1, 0)
r.SetCookie(c)
}
func (s *FormsAuthSuite) createCookie(token string) http.Cookie {
cookie := http.Cookie{}
cookie.Name = FormsAuthenticatorDefaultCookieName
cookie.Expires = time.Now().UTC().Add(24 * 365 * time.Hour)
cookie.HttpOnly = true
cookie.Path = "/"
cookie.Value = token
return cookie
}
func (auth *FormsAuthenticator) createAuthCookie(jwtString string) *http.Cookie {
cookie := http.Cookie{}
cookie.Name = auth.CookieName
cookie.Expires = auth.getCookieExpirationTime()
cookie.HttpOnly = true
cookie.Path = "/"
cookie.Value = jwtString
return &cookie
}
func newCookie(r *http.Request, session *Session) *http.Cookie {
cookie := new(http.Cookie)
cookie.Name = "UH"
cookie.Value = session.Id
cookie.Expires = session.Expires
cookie.Path = "/"
cookie.Domain = r.URL.Host
return cookie
}
func cookie(name, value string, opt *Options) *http.Cookie {
c := http.Cookie{
Name: name,
Value: value,
Path: opt.Path,
Domain: opt.Domain,
MaxAge: opt.MaxAge,
Secure: opt.Secure,
HttpOnly: opt.HttpOnly,
}
switch {
case c.MaxAge < 0:
c.Expires = time.Unix(1, 0)
case c.MaxAge > 0:
c.Expires = time.Now().Add(time.Duration(c.MaxAge) * time.Second)
}
return &c
}
func (state *SessionCookieState) createCookie(session *Session) *http.Cookie {
cookie := http.Cookie{}
cookie.Name = state.SessionKey
cookie.Value = session.Id
cookie.Path = state.Path
cookie.Domain = state.Domain
cookie.Secure = state.Secure
cookie.HttpOnly = state.HttpOnly
if session.IsExpired() {
cookie.Expires = time.Now()
} else {
if state.Expires != 0 {
cookie.Expires = time.Now().Add(state.Expires)
}
}
return &cookie
}
func (this *Ctx) SetCookie(key string, value string, expires int64) {
var cookie http.Cookie
cookie.Name = key
cookie.Value = value
cookie.Expires = time.Unix(time.Now().Unix()+expires, 0)
// this.W.Header().Add("Set-Cookie", cookie.String())
http.SetCookie(this.W, cookie)
}
func createBlankCookie(key string) *http.Cookie {
cookie := new(http.Cookie)
cookie.Name = key
cookie.Value = ""
l, _ := time.LoadLocation("UTC")
cookie.Expires = time.Date(1970, time.January, 1, 0, 0, 0, 0, l)
cookie.HttpOnly = false
cookie.Path = "/" // Without this ang js cant read cookies we send
return cookie
}
func SetCookie(w http.ResponseWriter, k, v string, exp int32) {
var ck http.Cookie
ck.Name = k
ck.Path = "/"
ck.Value = v
if exp != 0 {
ck.Expires = time.Now().Add(time.Second * time.Duration(exp))
}
http.SetCookie(w, &ck)
}
// set cookie
// args: name, value, max age, path, domain, secure, http only, expires
func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {
cookie := http.Cookie{}
cookie.Name = name
cookie.Value = url.QueryEscape(value)
if len(others) > 0 {
switch v := others[0].(type) {
case int:
cookie.MaxAge = v
case int64:
cookie.MaxAge = int(v)
case int32:
cookie.MaxAge = int(v)
}
}
cookie.Path = "/"
if len(others) > 1 {
if v, ok := others[1].(string); ok && len(v) > 0 {
cookie.Path = v
}
}
if len(others) > 2 {
if v, ok := others[2].(string); ok && len(v) > 0 {
cookie.Domain = v
}
}
if len(others) > 3 {
switch v := others[3].(type) {
case bool:
cookie.Secure = v
default:
if others[3] != nil {
cookie.Secure = true
}
}
}
if len(others) > 4 {
if v, ok := others[4].(bool); ok && v {
cookie.HttpOnly = true
}
}
if len(others) > 5 {
if v, ok := others[5].(time.Time); ok {
cookie.Expires = v
cookie.RawExpires = v.Format(time.UnixDate)
}
}
ctx.w.Header().Add("Set-Cookie", cookie.String())
}
func HandleComment(c *webapp.Context) {
if c.Request.Method == "POST" {
IP := strings.Split(c.Request.RemoteAddr, ":")[0]
comment := new(Comment)
comment.Metadata.Name = UUID()
comment.Metadata.IP = IP
comment.Metadata.CreatedTime = time.Now().Unix()
comment.Metadata.Author = strings.Trim(c.Request.FormValue("author"), " ")
comment.Metadata.ArticleName = strings.Trim(c.Request.FormValue("article_name"), " /")
comment.Metadata.UAgent = strings.Trim(c.Request.UserAgent(), " ")
comment.Metadata.Email = strings.Trim(c.Request.FormValue("email"), " ")
comment.Metadata.URL = strings.Trim(c.Request.FormValue("url"), " ")
if strings.Index(comment.Metadata.URL, "http://") == -1 && strings.Index(comment.Metadata.URL, "https://") == -1 {
comment.Metadata.URL = "http://" + comment.Metadata.URL
}
comment.Text = template.HTML(strings.Trim(c.Request.FormValue("text"), " "))
var cookie *http.Cookie
expires := time.Date(2099, time.November, 10, 23, 0, 0, 0, time.UTC)
cookie = new(http.Cookie)
cookie.Path = "/"
cookie.Expires = expires
cookie.Name = "author"
cookie.Value = comment.Metadata.Author
http.SetCookie(c.Writer, cookie)
cookie.Name = "email"
cookie.Value = comment.Metadata.Email
http.SetCookie(c.Writer, cookie)
cookie.Name = "url"
cookie.Value = comment.Metadata.URL
http.SetCookie(c.Writer, cookie)
// verify the form data
if len(comment.Metadata.Author) == 0 || len(comment.Metadata.Email) < 3 || len(comment.Text) < 3 || len(comment.Metadata.Author) > 20 || len(comment.Metadata.Email) > 32 {
c.Redirect("/"+comment.Metadata.ArticleName+"#respond", http.StatusFound)
return
}
if !webapp.CheckEmailForm(comment.Metadata.Email) || (0 < len(comment.Metadata.URL) && !webapp.CheckURLForm(comment.Metadata.URL)) {
c.Redirect("/"+comment.Metadata.ArticleName+"#respond", http.StatusFound)
return
}
if !TattooDB.Has(comment.Metadata.ArticleName) {
c.Redirect("/"+comment.Metadata.ArticleName+"#respond", http.StatusFound)
return
}
comment.Text = template.HTML(webapp.TransformTags(string(comment.Text)))
comment.Metadata.EmailHash = MD5Sum(comment.Metadata.Email)
TattooDB.AddComment(comment)
TattooDB.PrependCommentTimeline(comment)
c.Redirect("/"+comment.Metadata.ArticleName+"#comment_"+comment.Metadata.Name, http.StatusFound)
} else {
c.Redirect("/"+c.Request.FormValue("article_name"), http.StatusFound)
}
}
/*
Set cookie "name" to "value", where "value" may be a string or interface
converted to JSON. The "path" option defaults to "/".
Set cookie `name` to `val`, with the given `options`.
Options:
- `maxAge` max-age in milliseconds, converted to `expires`
- `signed` sign the cookie
- `path` defaults to "/"
Examples:
// "Remember Me" for 15 minutes
res.Cookie("rememberme", "1", &httpCookie{ expires: new Date(Date.now() + 900000), httpOnly: true });
// save as above
res.Cookie("rememberme", "1", &httpCookie{ maxAge: 900000, httpOnly: true })
*/
func (this *Response) Cookie(n string, i interface{}, o ...*http.Cookie) {
var cookie *http.Cookie
/*
If we were given cookie options use them.
*/
if len(o) == 1 {
cookie = o[0]
} else {
cookie = &http.Cookie{}
}
/*
Convert the given interface to a string so it can be used as a cookie value.
*/
var v string
switch i.(type) {
default:
b, e := json.Marshal(i)
v = string(b)
if e != nil {
v = e.Error()
}
case string:
v = i.(string)
}
cookie.Name = n
cookie.Value = url.QueryEscape(Encode(v))
if cookie.Path == "" {
cookie.Path = "/"
}
if cookie.MaxAge == 0 {
// max-age in milliseconds, converted to `expires`
// TODO: Check the timing here.
cookie.Expires = time.Now().UTC().Add(time.Duration(cookie.MaxAge) * (time.Millisecond * time.Microsecond))
cookie.MaxAge = cookie.MaxAge / 1000
}
// cookie.Domain = ""
// cookie.Secure = false
// cookie.HttpOnly = false
/*
Possible bug if headers are already sent.
*/
http.SetCookie(this.Writer, cookie)
}
func (this *Ctx) SetCookie(key string, value string, expires ...int64) {
var cookie http.Cookie
cookie.Name = key
cookie.Value = value
if len(expires) > 0 {
cookie.Expires = time.Unix(time.Now().Unix()+expires[0], 0)
}
http.SetCookie(this.W, &cookie)
}
// createCookie 创建cookie
func (this *HttpProcessor) createCookie(name string, id string, expire int) *http.Cookie {
var cookieValue = new(http.Cookie)
cookieValue.Name = name
cookieValue.Value = id
cookieValue.Path = "/"
cookieValue.HttpOnly = true
if expire > 0 {
cookieValue.MaxAge = expire
cookieValue.Expires = time.Now().Add(time.Second * time.Duration(expire))
}
return cookieValue
}
func (this *LoginController) Post() {
r := this.Request
w := this.ResponseWriter
data := e.Data{}
r.ParseForm()
username := r.FormValue("username")
password := r.FormValue("password")
//remomberme := r.FormValue("remember")
vercode := r.FormValue("vercode")
cookie, _ := r.Cookie("gsid")
if cookie != nil { //如果cookie为空
key := cookie.Value + "Img"
captchaS := u.Session[key]
log.Println("获得session中得验证码", captchaS)
if captchaS == vercode {
delete(u.Session, key)
data.Status = 1
data.Msg = ""
//http.Redirect(w, r, "/", http.StatusSeeOther)
} else {
data.Status = 0
data.Msg = "验证码错误"
}
user := m.User{UserName: username, PassWord: password}
log.Println("用户表单数据:", user.UserName, user.PassWord)
//user.InsertOneUserById(user)
userDetail := user.GetUserDetil(user)
log.Println(userDetail)
if userDetail.UserName == "" {
data.Status = 0
data.Msg = "用户名或密码错误"
}
//登录成功设置成功标志位
if data.Msg == "" {
// usernameCookie := http.Cookie{Name: "username", Value: userDetail.UserName}
// usernameCookie.Expires = time.Now().AddDate(0, 3, 0)
// http.SetCookie(w, &usernameCookie)
idCookie := http.Cookie{Name: "userid", Value: userDetail.Id, Path: "/"}
idCookie.Expires = time.Now().AddDate(0, 3, 0)
log.Println("设置登录cookie", idCookie)
http.SetCookie(w, &idCookie)
}
} else {
data.Status = 0
data.Msg = "非法访问!"
}
u.OutputJson(w, &data)
}
func (s sessionResponseWriter) WriteHeader(code int) {
if atomic.AddInt32(&s.wroteHeader, 1) == 1 {
origCookie, err := s.req.Cookie(s.h.CookieName)
var origCookieVal string
if err != nil {
origCookieVal = ""
} else {
origCookieVal = origCookie.Value
}
session := s.h.RS.Get(s.req)
if len(session) == 0 {
// if we have an empty session, but the
// request didn't start out that way, we
// assume the user wants us to clear the
// session
if origCookieVal != "" {
//log.Println("clearing cookie")
var cookie http.Cookie
cookie.Name = s.h.CookieName
cookie.Value = ""
cookie.Path = "/"
// a cookie is expired by setting it
// with an expiration time in the past
cookie.Expires = time.Unix(0, 0).UTC()
http.SetCookie(s, &cookie)
}
goto write
}
encoded, gobHash, err := encodeCookie(session, s.h.encKey, s.h.hmacKey)
if err != nil {
log.Printf("createCookie: %s\n", err)
goto write
}
if bytes.Equal(gobHash, s.h.RS.getHash(s.req)) {
//log.Println("not re-setting identical cookie")
goto write
}
var cookie http.Cookie
cookie.Name = s.h.CookieName
cookie.Value = encoded
cookie.Path = s.h.CookiePath
cookie.HttpOnly = s.h.RS.HttpOnly
cookie.Secure = s.h.RS.Secure
http.SetCookie(s, &cookie)
}
write:
s.ResponseWriter.WriteHeader(code)
}
func setUserKeyCookie(c *gin.Context, userKey, passCode string) {
jwtIns := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
"uky": userKey,
"upc": passCode,
})
encStr, _ := jwtIns.SignedString([]byte(conf.NodeAuth))
cookie := new(http.Cookie)
cookie.Name = "op_user"
cookie.Expires = time.Now().Add(time.Duration(30*86400) * time.Second)
cookie.Value = encStr
cookie.Path = "/op"
http.SetCookie(c.Writer, cookie)
}
func SetSessionId(w http.ResponseWriter, sessionid string, remember bool) {
// Writes a new (rewrites) cookie to set a sessionid.
// If remember is false, cookies expire field is not set
// and cookie will expire when the session ends.
// Otherwise it exipres in 2 weeks.
var C http.Cookie
C.Name = "sessionid"
C.Value = sessionid
C.Path = "/"
if remember {
C.Expires = time.Now().AddDate(0, 0, 14)
}
http.SetCookie(w, &C)
}
func track(w http.ResponseWriter, r *http.Request, reqver *Version, ua string) {
var ipaddr *string
if len(r.Header["X-Forwarded-For"]) > 0 {
ipaddr = &r.Header["X-Forwarded-For"][0]
} else {
ipaddr = &strings.Split(r.RemoteAddr, ":")[0]
}
if reqver == nil {
return
}
if !reqver.isBiggerThan(min_track_version) {
return
}
// Lookup the IP and display the details if country is found
loc := geoipdb.GetLocationByIP(*ipaddr)
cc := "ZZ"
if loc != nil {
cc = loc.CountryCode
}
cookie, _ := r.Cookie("spmc")
if cookie != nil {
tag := validateTracking(cookie.Value)
if tag != nil {
updateTracking(*tag, ua, *ipaddr, cc)
return
}
}
tag, value := generateTracking()
c := new(http.Cookie)
c.Name = "spmc"
c.Value = *value
c.Expires = time.Unix(2147480000, 0)
http.SetCookie(w, c)
updateTracking(*tag, ua, *ipaddr, cc)
}
func ProvideSession(c *gin.Context) {
// decodes a session id from cookie or provides a new one
if ck, err := c.Request.Cookie("session"); err == nil {
c.Set("session", ck.Value)
return
}
newSession := "alfa romeo"
c.Set("session", newSession)
// c.Writer.C
cookie := http.Cookie{}
cookie.Name = "session"
cookie.Value = newSession
cookie.Path = "/"
cookie.Expires = time.Now().Add(time.Hour * 24 * 7)
cookie.HttpOnly = true
http.SetCookie(c.Writer, &cookie)
}
//setCookie set cookie access=now time,tmpaccess=access var.
func (t *threadCGI) setCookie(ca *thread.Cache, access string) []*http.Cookie {
const (
saveCookie = 7 * 24 * time.Hour // Seconds
)
c := http.Cookie{}
c.Expires = time.Now().Add(saveCookie)
c.Path = cfg.ThreadURL + "/" + util.StrEncode(util.FileDecode(ca.Datfile))
c.Name = "access"
c.Value = strconv.FormatInt(time.Now().Unix(), 10)
if access == "" {
return []*http.Cookie{&c}
}
cc := http.Cookie{}
cc.Name = "tmpaccess"
cc.Value = access
return []*http.Cookie{&c, &cc}
}
func (c *Context) addLoginAs(name string, id string, timeduration ...time.Duration) {
expire := time.Now().AddDate(0, 0, 1)
if timeduration != nil {
expire = time.Now().Add(timeduration[0])
}
cookie := new(http.Cookie)
cookie.Name = name + "Id"
cookie.Value = id
cookie.Expires = expire
cookie.Path = "/"
cookie.RawExpires = expire.Format(time.UnixDate)
c.AddSignedCookie(cookie)
}
