package csrf
import (
	"crypto/md5"
	"crypto/subtle"
	"fmt"
	"strconv"
	"time"
)
// authenticated routes
// compare two. possibly change this into middleware?
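// AuthCheck reports whether givenToken matches the CSRF token expected for
// userID and routeName in the current hour or in the hour before it.
//
// The expected token is the lowercase hex MD5 digest of
// userID + routeName + c.CSRFKey + hour, where hour is the local hour of day
// (0-23) written in decimal. The previous hour is accepted as well, so a
// token computed shortly before the hour rolls over still validates.
//
// NOTE(review): the token construction is kept unchanged because it has to
// match the code that issues tokens, which is not visible in this file.
// Three weaknesses should be fixed on both sides together:
//   - an ad-hoc MD5 over key-bearing input is not a keyed MAC; HMAC-SHA-256
//     is the usual replacement (an earlier SHA-256 variant was left
//     commented out here);
//   - the fields are concatenated without a delimiter, so distinct
//     (userID, routeName) pairs can yield the same hash input;
//   - the only time component is the hour of day, so a captured token is
//     valid again during the same hours on every later day.
func (c CSRF) AuthCheck(userID string, routeName string, givenToken string) bool {
	// Read the clock once so both candidates derive from the same instant.
	hour := time.Now().Hour()
	// Wrap around midnight: the hour before 0 is 23. Plain hour-1 gave -1,
	// which never matches a token computed during hour 23.
	prevHour := (hour + 23) % 24

	base := userID + routeName + c.CSRFKey
	current := fmt.Sprintf("%x", md5.Sum([]byte(base+strconv.Itoa(hour))))
	previous := fmt.Sprintf("%x", md5.Sum([]byte(base+strconv.Itoa(prevHour))))

	// Compare in constant time so response timing does not reveal how many
	// leading characters of a guessed token were correct. Both candidates
	// are always checked, so timing does not show which hour matched either.
	given := []byte(givenToken)
	okCurrent := subtle.ConstantTimeCompare([]byte(current), given)
	okPrevious := subtle.ConstantTimeCompare([]byte(previous), given)
	return (okCurrent | okPrevious) == 1
}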