csrf/auth_check.go

30 lines
905 B
Go
Raw Permalink Normal View History

2025-01-12 11:40:15 +00:00
package csrf
import (
"crypto/md5"
"fmt"
"strconv"
"time"
)
// authenticated routes
// compare two. possibly change this into middleware?
func (c CSRF) AuthCheck(userID string, routeName string, givenToken string) bool {
minfactor := strconv.Itoa(time.Now().Hour())
minfactor_1 := strconv.Itoa(time.Now().Hour() - 1)
comp := fmt.Sprintf("%x", md5.Sum([]byte(userID+routeName+c.CSRFKey+minfactor)))
comp2 := fmt.Sprintf("%x", md5.Sum([]byte(userID+routeName+c.CSRFKey+minfactor_1)))
// comp := sha256.New()
// comp.Write([]byte(userID + routeName + CSRFKey + strconv.Itoa(time.Now().Hour())))
// be charitable:
//comp2 := sha256.New()
//comp2.Write([]byte(userID + routeName + CSRFKey + strconv.Itoa(time.Now().Hour()-1)))
if comp == givenToken {
return true
}
// second comparison for last hour:
return comp2 == givenToken
//return fmt.Sprintf("%x", comp2.Sum(nil)) == givenToken
}