Anti CSRF layer

2016-07-05 17:46:45 +01:00
parent aa79b076ae
commit 37c77a3cee
8 changed files with 86 additions and 9 deletions
--- a/filemanager.go
+++ b/filemanager.go
@@ -8,6 +8,7 @@
 package filemanager

 import (
+	"fmt"
 	"io"
 	"io/ioutil"
 	"log"
@@ -59,6 +60,13 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
 				}
 			}

+			// Secure agains CSRF attacks
+			if r.Method != http.MethodGet {
+				if !c.CheckToken(r) {
+					return http.StatusForbidden, nil
+				}
+			}
+
 			// Route the request depending on the HTTP Method
 			switch r.Method {
 			case http.MethodGet:
@@ -67,6 +75,9 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
 					return assets.Serve(w, r, c)
 				}

+				c.GenerateToken()
+				fmt.Println(c.Token)
+
 				if !fi.IsDir {
 					query := r.URL.Query()
 					if val, ok := query["raw"]; ok && val[0] == "true" {