登录页尝试使用csrf校验

GoEdgeLab
2020-10-25 11:22:11 +08:00
parent 5345888280
commit 08af418665
11 changed files with 236 additions and 1 deletions


@@ -0,0 +1,22 @@
package actionutils
import (
"github.com/TeaOSLab/EdgeAdmin/internal/csrf"
"github.com/iwind/TeaGo/actions"
"net/http"
)
type CSRF struct {
}
func (this *CSRF) BeforeAction(actionPtr actions.ActionWrapper, paramName string) (goNext bool) {
action := actionPtr.Object()
token := action.ParamString("csrfToken")
if !csrf.Validate(token) {
action.ResponseWriter.WriteHeader(http.StatusForbidden)
action.WriteString("表单已失效,请刷新页面后重试(001)")
return
}
return true
}
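Review bot: The check in BeforeAction passes only the token string to `csrf.Validate(token)`, so nothing visible in this file ties the token to the client it was issued to (a session or cookie); csrf.Validate is defined outside this hunk, so this may already be handled there. If validation only confirms that the token was issued and has not expired, a token obtained by one client is accepted on another client's login request, and the check would not stop a cross-site form submission. It would help to state the contract in a doc comment, for example `// BeforeAction responds 403 unless the csrfToken parameter passes csrf.Validate, which must bind the token to the requesting client and expire it after use.` It is also worth confirming that ParamString reads the token from the POST body rather than the URL, where it would end up in access logs and Referer headers. The failure path would read more clearly as `return false` than as a bare `return` on the named result, and the `paramName` argument is unused.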