Make token error more clear, rename cookie and form value to csrf_token

max 2022-11-14 12:12:06 -06:00
parent 18ee7b2fac
commit 2f631cf3ee


@ -6,7 +6,6 @@ import (
"log" "log"
"math" "math"
"net/http" "net/http"
"time"
) )
// GenerateCsrfToken generates a csrf token and assigns it to a cookie for double submit cookie csrf protection // GenerateCsrfToken generates a csrf token and assigns it to a cookie for double submit cookie csrf protection
@ -15,7 +14,7 @@ func GenerateCsrfToken(w http.ResponseWriter, r *http.Request) (string, error) {
buff := make([]byte, int(math.Ceil(float64(64)/2))) buff := make([]byte, int(math.Ceil(float64(64)/2)))
_, err := rand.Read(buff) _, err := rand.Read(buff)
if err != nil { if err != nil {
log.Println("Error creating random buffer for token value") log.Println("Error creating random buffer for csrf token value")
log.Println(err) log.Println(err)
return "", err return "", err
} }
@ -24,11 +23,10 @@ func GenerateCsrfToken(w http.ResponseWriter, r *http.Request) (string, error) {
// Create session cookie, containing token // Create session cookie, containing token
cookie := &http.Cookie{ cookie := &http.Cookie{
Name: "csrf", Name: "csrf_token",
Value: token, Value: token,
Path: "/", Path: "/",
MaxAge: 1800, MaxAge: 1800,
Expires: time.Now().Add(24 * time.Hour),
HttpOnly: true, HttpOnly: true,
Secure: true, Secure: true,
} }
@ -41,15 +39,15 @@ func GenerateCsrfToken(w http.ResponseWriter, r *http.Request) (string, error) {
// VerifyCsrfToken verifies the csrf token // VerifyCsrfToken verifies the csrf token
func VerifyCsrfToken(r *http.Request) (bool, error) { func VerifyCsrfToken(r *http.Request) (bool, error) {
// Get csrf cookie // Get csrf cookie
cookie, err := r.Cookie("csrf") cookie, err := r.Cookie("csrf_token")
if err != nil { if err != nil {
log.Println("Error getting csrf cookie") log.Println("Error getting csrf_token cookie")
log.Println(err) log.Println(err)
return false, err return false, err
} }
// Get csrf token from form // Get csrf token from form
token := r.FormValue("csrf") token := r.FormValue("csrf_token")
// Compare csrf cookie and csrf token // Compare csrf cookie and csrf token
if cookie.Value == token { if cookie.Value == token {
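Review bot: The comparison `if cookie.Value == token {` in VerifyCsrfToken is not constant-time, and it also succeeds when both sides are empty, i.e. a `csrf_token` cookie with an empty value and a request that carries no `csrf_token` field. I would change it to `if token != "" && subtle.ConstantTimeCompare([]byte(cookie.Value), []byte(token)) == 1 {`, which needs `crypto/subtle` added to the import block. `r.FormValue` also reads the URL query string, so `r.PostFormValue("csrf_token")` would keep the token out of URLs and access logs. Since the cookie is being renamed anyway and the literal already has `Secure: true`, `Path: "/"` and no `Domain`, naming it `__Host-csrf_token` and adding `SameSite: http.SameSiteLaxMode` would harden the double-submit check against cookies set from sibling subdomains. The body of this `if` lies outside the hunk, so the return paths are not visible here.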