authorr <r@freesoftwareextremist.com>2020-01-25 10:07:06 +0000
committerr <r@freesoftwareextremist.com>2020-01-26 06:49:29 +0000
commitbf2cfaf0ede0e9744408f52538fb4bcd87a6d5b8 (patch)
tree5d3be1dfa65395bddedd2fb6f06a990c23274f00 /migrations/csrfToken
parent5fdc7a59b2efc60e35f5421e28986c356810456e (diff)
downloadbloat-bf2cfaf0ede0e9744408f52538fb4bcd87a6d5b8.tar.gz
bloat-bf2cfaf0ede0e9744408f52538fb4bcd87a6d5b8.zip
Add CSRF protection
Diffstat (limited to 'migrations/csrfToken')
-rw-r--r--migrations/csrfToken/main.go79
1 files changed, 79 insertions, 0 deletions
diff --git a/migrations/csrfToken/main.go b/migrations/csrfToken/main.go
new file mode 100644
index 0000000..fcd49f2
--- /dev/null
+++ b/migrations/csrfToken/main.go
@@ -0,0 +1,79 @@
+package main
+
+import (
+ "log"
+ "math/rand"
+ "os"
+ "path/filepath"
+ "time"
+
+ "bloat/config"
+ "bloat/kv"
+ "bloat/repository"
+ "bloat/util"
+)
+
+var (
+ configFile = "bloat.conf"
+)
+
+func init() {
+ rand.Seed(time.Now().Unix())
+}
+
+func getKeys(sessionRepoPath string) (keys []string, err error) {
+ f, err := os.Open(sessionRepoPath)
+ if err != nil {
+ return
+ }
+ return f.Readdirnames(0)
+}
+
+func main() {
+ opts, _, err := util.Getopts(os.Args, "f:")
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ for _, opt := range opts {
+ switch opt.Option {
+ case 'f':
+ configFile = opt.Value
+ }
+ }
+
+ config, err := config.ParseFile(configFile)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ if !config.IsValid() {
+ log.Fatal("invalid config")
+ }
+
+ sessionRepoPath := filepath.Join(config.DatabasePath, "session")
+ sessionDB, err := kv.NewDatabse(sessionRepoPath)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ sessionRepo := repository.NewSessionRepository(sessionDB)
+
+ sessionIds, err := getKeys(sessionRepoPath)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ for _, id := range sessionIds {
+ s, err := sessionRepo.Get(id)
+ if err != nil {
+ log.Fatal(err)
+ }
+ s.CSRFToken = util.NewCSRFToken()
+ err = sessionRepo.Add(s)
+ if err != nil {
+ log.Fatal(err)
+ }
+ }
+
+}
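Review bot: The `rand.Seed(time.Now().Unix())` call in `init` seeds `math/rand` with a second-resolution timestamp, which suggests that `util.NewCSRFToken()` (defined outside this diff) draws from `math/rand`. If it does, every token the loop in `main` writes into a session is a function of roughly when the migration ran, which is too little entropy for a value meant to be unguessable. CSRF tokens should be read from `crypto/rand`, which needs no seeding, so the `init` can be dropped once the helper is confirmed to use it. Separately, `getKeys` never closes the directory handle it opens; add `defer f.Close()` right after the `os.Open` error check.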