auth/login: Add csrf protection
parent
3aa79b0d23
commit
1af9d0d83f
6 changed files with 42 additions and 8 deletions
|
|
@ -3,6 +3,8 @@ package config
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"hash/fnv"
|
||||
"math/rand"
|
||||
"net/url"
|
||||
"reflect"
|
||||
"strings"
|
||||
|
|
@ -100,6 +102,21 @@ type Config struct {
|
|||
ConfigPath string
|
||||
}
|
||||
|
||||
// CSRFSecret return the csrfSecret derived from the session secret
|
||||
func (config *Config) CSRFSecret() []byte {
|
||||
// take the hash of the secret
|
||||
h := fnv.New32a()
|
||||
h.Write([]byte(config.SessionSecret))
|
||||
|
||||
// seed a random number generator
|
||||
rand := rand.New(rand.NewSource(int64(h.Sum32())))
|
||||
|
||||
// take a bunch of bytes from it
|
||||
secret := make([]byte, 32)
|
||||
rand.Read(secret)
|
||||
return secret
|
||||
}
|
||||
|
||||
// String serializes this configuration into a string
|
||||
func (config Config) String() string {
|
||||
values := &strings.Builder{}
|
||||
|
|
|
|||
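Review bot: CSRFSecret reduces the session secret to a 32-bit FNV-1a hash and uses it to seed a math/rand generator, so the 32-byte result carries at most 32 bits of entropy and comes from a non-cryptographic generator that is fully determined by its seed, however strong SessionSecret is. A keyed derivation with a fixed label (for example "csrf") keeps the full strength and the same 32-byte length: `mac := hmac.New(sha256.New, []byte(config.SessionSecret))`, `mac.Write([]byte("csrf"))`, `return mac.Sum(nil)`. That change would swap `hash/fnv` and `math/rand` for `crypto/hmac` and `crypto/sha256` in the import hunk above. The doc comment should read `// CSRFSecret returns the CSRF secret derived from the session secret.` and should state what happens when SessionSecret is empty, since the derivation then yields a fixed value; whether that case is rejected elsewhere is not visible on this page.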