From bf2cfaf0ede0e9744408f52538fb4bcd87a6d5b8 Mon Sep 17 00:00:00 2001
From: r
Date: Sat, 25 Jan 2020 10:07:06 +0000
Subject: Add CSRF protection
---
migrations/csrfToken/main.go | 79 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100644 migrations/csrfToken/main.go
(limited to 'migrations/csrfToken')
diff --git a/migrations/csrfToken/main.go b/migrations/csrfToken/main.go
new file mode 100644
index 0000000..fcd49f2
--- /dev/null
+++ b/migrations/csrfToken/main.go
@@ -0,0 +1,79 @@
+package main
+
+import (
+ "log"
+ "math/rand"
+ "os"
+ "path/filepath"
+ "time"
+
+ "bloat/config"
+ "bloat/kv"
+ "bloat/repository"
+ "bloat/util"
+)
+
+var (
+ configFile = "bloat.conf"
+)
+
+func init() {
+ rand.Seed(time.Now().Unix())
+}
+
+func getKeys(sessionRepoPath string) (keys []string, err error) {
+ f, err := os.Open(sessionRepoPath)
+ if err != nil {
+ return
+ }
+ return f.Readdirnames(0)
+}
+
+func main() {
+ opts, _, err := util.Getopts(os.Args, "f:")
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ for _, opt := range opts {
+ switch opt.Option {
+ case 'f':
+ configFile = opt.Value
+ }
+ }
+
+ config, err := config.ParseFile(configFile)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ if !config.IsValid() {
+ log.Fatal("invalid config")
+ }
+
+ sessionRepoPath := filepath.Join(config.DatabasePath, "session")
+ sessionDB, err := kv.NewDatabse(sessionRepoPath)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ sessionRepo := repository.NewSessionRepository(sessionDB)
+
+ sessionIds, err := getKeys(sessionRepoPath)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ for _, id := range sessionIds {
+ s, err := sessionRepo.Get(id)
+ if err != nil {
+ log.Fatal(err)
+ }
+ s.CSRFToken = util.NewCSRFToken()
+ err = sessionRepo.Add(s)
+ if err != nil {
+ log.Fatal(err)
+ }
+ }
+
+}
-- cgit v1.2.3
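Review bot: The `init` function seeds `math/rand` with `time.Now().Unix()`, which suggests that `util.NewCSRFToken()` (not shown in this patch) draws from the global `math/rand` source. If it does, every token this migration writes derives from a one-second-resolution seed and is not suitable as a CSRF secret. The generator should read from `crypto/rand` instead, for example `b := make([]byte, 32)` followed by `if _, err := rand.Read(b); err != nil { log.Fatal(err) }`, after which the `rand.Seed` call and the `math/rand` and `time` imports can be dropped from this file. Separately, `getKeys` never closes the directory handle it opens, so add `defer f.Close()` after the error check. The loop also calls `log.Fatal` on the first failing session, which leaves only some sessions with a token; since it appears to overwrite `CSRFToken` unconditionally, a comment such as `// Safe to re-run: every session gets a fresh token.` would tell operators how to recover.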