Add CSRF support packages

NUAA-Open-Source · Mar 13, 2019 · b25f3d6 · b25f3d6
1 parent 1515b53
commit b25f3d6
Show file tree

Hide file tree

Showing 38 changed files with 3,224 additions and 0 deletions.
diff --git a/main.go b/main.go
@@ -26,6 +26,9 @@ import (
 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
 	"github.com/jinzhu/gorm"
+	"github.com/gin-contrib/sessions"
+	"github.com/utrack/gin-csrf"
+	"github.com/gin-contrib/sessions/cookie"
 )
 
 func Migrate(db *gorm.DB) {
@@ -86,6 +89,7 @@ func main() {
 	r := gin.Default()
 
 	// After init router
+	// CORS
 	if common.DEBUG {
 		r.Use(cors.New(cors.Config{
 			AllowAllOrigins:  true,
@@ -106,6 +110,17 @@ func main() {
 		}))
 	}
 
+	// CSRF
+	store := cookie.NewStore([]byte("secret"))
+	r.Use(sessions.Sessions("mysession", store))
+	r.Use(csrf.Middleware(csrf.Options{
+		Secret: "secret123",
+		ErrorFunc: func(c *gin.Context){
+			c.String(400, "CSRF token mismatch")
+			c.Abort()
+		},
+	}))
+
 	r.GET("/ping", func(c *gin.Context) {
 		c.JSON(200, gin.H{
 			"message": "pong",

diff --git a/vendor/github.com/dchest/uniuri/README.md b/vendor/github.com/dchest/uniuri/README.md
diff --git a/vendor/github.com/dchest/uniuri/uniuri.go b/vendor/github.com/dchest/uniuri/uniuri.go
diff --git a/vendor/github.com/gin-contrib/sessions/LICENSE b/vendor/github.com/gin-contrib/sessions/LICENSE