-
Notifications
You must be signed in to change notification settings - Fork 33
/
util.go
65 lines (55 loc) · 1.86 KB
/
util.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
// Copyright (c) Jeevanandam M. (https://github.com/jeevatkm)
// Source code and usage is governed by a MIT style
// license that can be found in the LICENSE file.
package anticsrf
import (
"fmt"
"net/url"
"strings"
"time"
"aahframe.work/ahttp"
"aahframe.work/essentials"
)
var (
// As defined in https://tools.ietf.org/html/rfc7231#section-4.2.1
safeHTTPMethods = []string{ahttp.MethodGet, ahttp.MethodHead, ahttp.MethodOptions, ahttp.MethodTrace}
)
//‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
// Package methods
//___________________________________
// IsSafeHTTPMethod method returns true if matches otherwise false.
// Safe methods per defined in https://tools.ietf.org/html/rfc7231#section-4.2.1
func IsSafeHTTPMethod(method string) bool {
return ess.IsSliceContainsString(safeHTTPMethods, method)
}
// IsSameOrigin method is to check same origin i.e. scheme, host and port.
// Returns true if matches otherwise false.
func IsSameOrigin(a, b *url.URL) bool {
return (a.Scheme == b.Scheme && a.Host == b.Host)
}
//‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
// Unexported methods
//___________________________________
// Reference: https://github.com/golang/go/blob/master/src/crypto/cipher/xor.go#L45-L54
func xorBytes(a, b []byte) []byte {
n := len(a)
if len(b) < n {
n = len(b)
}
dst := make([]byte, n)
for i := 0; i < n; i++ {
dst[i] = a[i] ^ b[i]
}
return dst
}
// toSeconds method converts string value into seconds.
func toSeconds(value string) (int64, error) {
if strings.HasSuffix(value, "m") || strings.HasSuffix(value, "h") {
d, err := time.ParseDuration(value)
if err != nil {
return 0, err
}
return int64(d.Seconds()), nil
}
return 0, fmt.Errorf("unsupported time unit '%s' on 'security.anti_csrf.ttl'", value)
}