💾 Archived View for gemini.rmf-dev.com › repo › Vaati › Gemigit › files › e5cf1e2fc8bd700256fedac33d… captured on 2024-02-05 at 09:44:59. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
0 package csrf
1
2 import (
3 "gemigit/db"
4
5 "crypto/rand"
6 "github.com/pitr/gig"
7 )
8
9 var tokens = map[string]string{}
10
11 const characters = "abcdefghijklmnopqrstuvwxyz0123456789"
12 func randomString(n int) string {
13 var random [1024]byte
14 if n > 1024 { return "" }
15 b := make([]byte, n)
16 rand.Read(random[:n])
17 for i := range b {
18 b[i] = characters[int64(random[i]) % int64(len(characters))]
19 }
20 return string(b)
21 }
22
23 func New(c gig.Context) error {
24 sig := c.CertHash()
25 exist := false
26 if sig != "" { _, exist = db.GetUser(sig) }
27 if !exist { return c.NoContent(gig.StatusRedirectTemporary, "/") }
28 token := randomString(16)
29 tokens[sig] = token
30 return c.NoContent(gig.StatusRedirectTemporary,
31 "/account/" + token + "/")
32 }
33
34 func Verify(sig string, c gig.Context) (string, error) {
35 token, exist := tokens[sig]
36 if exist { _, exist = db.GetUser(sig) }
37 if !exist || token != c.Param("csrf") { return "/", nil }
38 return "", nil
39 }
40
41 func Token(sig string) string {
42 return tokens[sig]
43 }
44