Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request #24 from bentranter/use-crypto-rand-for-xsrf
Use crypto/rand for XSRF token generation
  • Loading branch information
dinever committed Jun 11, 2016
2 parents 8adab8a + 8fbfd14 commit 3776f33
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions xsrf.go
@@ -1,20 +1,21 @@
package golf

import (
"crypto/rand"
"encoding/hex"
"math/rand"
"time"
)

const chars = "abcdefghijklmnopqrstuvwxyz0123456789"

func randomBytes(strlen int) []byte {
rand.Seed(time.Now().UTC().UnixNano())
result := make([]byte, strlen)
for i := 0; i < strlen; i++ {
result[i] = chars[rand.Intn(len(chars))]
b := make([]byte, strlen)
_, err := rand.Read(b)
if err != nil {
// panic on failure since this indicates a failure of the system's
// CSPRNG
panic(err)
}
return result
return b
}

func decodeXSRFToken(maskedToken string) ([]byte, []byte, error) {
Expand Down

0 comments on commit 3776f33

Please sign in to comment.