server/auth/xsrf/xsrf.go - Issue 2043423004: Make HTTP middleware easier to use

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: server/auth/xsrf/xsrf.go

Issue 2043423004: Make HTTP middleware easier to use (Closed) Base URL: https://github.com/luci/luci-go@master

Patch Set: Rebase origin/master Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: server/auth/xsrf/xsrf.go

diff --git a/server/auth/xsrf/xsrf.go b/server/auth/xsrf/xsrf.go

index 7fa964a9668c2d975fef651c8a6eeddf880f6d8e..c5fd847f57ab7d496591a025f7d0135da228404d 100644

--- a/server/auth/xsrf/xsrf.go

+++ b/server/auth/xsrf/xsrf.go

@@ -16,14 +16,13 @@ import (

"net/http"

"time"

- "github.com/julienschmidt/httprouter"

"golang.org/x/net/context"

"github.com/luci/luci-go/common/errors"

"github.com/luci/luci-go/common/logging"

"github.com/luci/luci-go/server/auth"

- "github.com/luci/luci-go/server/middleware"

+ "github.com/luci/luci-go/server/router"

"github.com/luci/luci-go/server/tokens"

)

@@ -70,21 +69,19 @@ func TokenField(c context.Context) template.HTML {

// If searches for the token in "xsrf_token" POST form field (as generated by

// TokenField). Aborts the request with HTTP 403 if XSRF token is missing or

// invalid.

-func WithTokenCheck(h middleware.Handler) middleware.Handler {

- return func(c context.Context, rw http.ResponseWriter, r *http.Request, p httprouter.Params) {

- tok := r.PostFormValue("xsrf_token")

- if tok == "" {

- replyError(c, rw, http.StatusForbidden, "XSRF token is missing")

- return

- }

- switch err := Check(c, tok); {

- case errors.IsTransient(err):

- replyError(c, rw, http.StatusInternalServerError, "Transient error when checking XSRF token - %s", err)

- case err != nil:

- replyError(c, rw, http.StatusForbidden, "Bad XSRF token - %s", err)

- default:

- h(c, rw, r, p)

- }

+func WithTokenCheck(c *router.Context, next router.Handler) {

+ tok := c.Request.PostFormValue("xsrf_token")

+ if tok == "" {

+ replyError(c.Context, c.Writer, http.StatusForbidden, "XSRF token is missing")

+ return

+ }

+ switch err := Check(c.Context, tok); {

+ case errors.IsTransient(err):

+ replyError(c.Context, c.Writer, http.StatusInternalServerError, "Transient error when checking XSRF token - %s", err)

+ case err != nil:

+ replyError(c.Context, c.Writer, http.StatusForbidden, "Bad XSRF token - %s", err)

+ default:

+ next(c)

}

« appengine/tsmon/middleware.go ('K') | « server/auth/signing/context.go ('k') | server/middleware/paniccatcher.go » ('j') | server/middleware/paniccatcher.go » ('J')