filebrowser/config/secure.go

package config

import (
	"math/rand"
	"net/http"
	"time"
)

const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
const (
	letterIdxBits = 6                    // 6 bits to represent a letter index
	letterIdxMask = 1<<letterIdxBits - 1 // All 1-bits, as many as letterIdxBits
	letterIdxMax  = 63 / letterIdxBits   // # of letter indices fitting in 63 bits
)

// CheckToken checs if current token is the same as the one used in the request
func (c Config) CheckToken(r *http.Request) bool {
	token := r.Header.Get("Token")
	return c.Token == token
}

// GenerateToken geneerates a new token
func (c *Config) GenerateToken() {
	n := rand.Intn(80)
	src := rand.NewSource(time.Now().UnixNano())
	b := make([]byte, n)
	// A src.Int63() generates 63 random bits, enough for letterIdxMax characters!
	// future reference: http://stackoverflow.com/questions/22892120/how-to-generate-a-random-string-of-a-fixed-length-in-golang
	for i, cache, remain := n-1, src.Int63(), letterIdxMax; i >= 0; {
		if remain == 0 {
			cache, remain = src.Int63(), letterIdxMax
		}
		if idx := int(cache & letterIdxMask); idx < len(letterBytes) {
			b[i] = letterBytes[idx]
			i--
		}
		cache >>= letterIdxBits
		remain--
	}

	c.Token = string(b)
}
Anti CSRF layer 2016-07-05 16:46:45 +00:00			`package config`

			`import (`
			`"math/rand"`
			`"net/http"`
			`"time"`
			`)`

			`const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"`
			`const (`
			`letterIdxBits = 6 // 6 bits to represent a letter index`
			`letterIdxMask = 1<<letterIdxBits - 1 // All 1-bits, as many as letterIdxBits`
			`letterIdxMax = 63 / letterIdxBits // # of letter indices fitting in 63 bits`
			`)`

			`// CheckToken checs if current token is the same as the one used in the request`
			`func (c Config) CheckToken(r *http.Request) bool {`
			`token := r.Header.Get("Token")`
			`return c.Token == token`
			`}`

			`// GenerateToken geneerates a new token`
			`func (c *Config) GenerateToken() {`
			`n := rand.Intn(80)`
			`src := rand.NewSource(time.Now().UnixNano())`
			`b := make([]byte, n)`
			`// A src.Int63() generates 63 random bits, enough for letterIdxMax characters!`
			`// future reference: http://stackoverflow.com/questions/22892120/how-to-generate-a-random-string-of-a-fixed-length-in-golang`
			`for i, cache, remain := n-1, src.Int63(), letterIdxMax; i >= 0; {`
			`if remain == 0 {`
			`cache, remain = src.Int63(), letterIdxMax`
			`}`
			`if idx := int(cache & letterIdxMask); idx < len(letterBytes) {`
			`b[i] = letterBytes[idx]`
			`i--`
			`}`
			`cache >>= letterIdxBits`
			`remain--`
			`}`

			`c.Token = string(b)`
			`}`