
Support setting cookie domain (#6288)

Signed-off-by: Tamal Saha <tamal@appscode.com>
Tamal Saha 2019-07-12 06:57:31 -07:00 committed by techknowlogick
parent d95237b561
commit 2102f9d92d
15 changed files with 58 additions and 46 deletions


@ -1,7 +1,6 @@
sudo: false
language: go
go:
- 1.5.x
- 1.6.x
- 1.7.x
- 1.8.x


@ -25,7 +25,7 @@ import (
"gopkg.in/macaron.v1"
)
const _VERSION = "0.1.0"
const _VERSION = "0.1.1"
func Version() string {
return _VERSION
@ -58,6 +58,8 @@ type csrf struct {
Form string
// Cookie name value for setting and getting csrf token.
Cookie string
//Cookie domain
CookieDomain string
//Cookie path
CookiePath string
// Cookie HttpOnly flag value used for the csrf token.
@ -123,8 +125,10 @@ type Options struct {
Form string
// Cookie value used to set and get token.
Cookie string
// Cookie domain.
CookieDomain string
// Cookie path.
CookiePath string
CookiePath string
CookieHttpOnly bool
// Key used for getting the unique ID per user.
SessionKey string
@ -187,6 +191,7 @@ func Generate(options ...Options) macaron.Handler {
Header: opt.Header,
Form: opt.Form,
Cookie: opt.Cookie,
CookieDomain: opt.CookieDomain,
CookiePath: opt.CookiePath,
CookieHttpOnly: opt.CookieHttpOnly,
ErrorFunc: opt.ErrorFunc,
@ -222,7 +227,7 @@ func Generate(options ...Options) macaron.Handler {
// FIXME: actionId.
x.Token = GenerateToken(x.Secret, x.ID, "POST")
if opt.SetCookie {
ctx.SetCookie(opt.Cookie, x.Token, 0, opt.CookiePath, "", opt.Secure, opt.CookieHttpOnly, time.Now().AddDate(0, 0, 1))
ctx.SetCookie(opt.Cookie, x.Token, 0, opt.CookiePath, opt.CookieDomain, opt.Secure, opt.CookieHttpOnly, time.Now().AddDate(0, 0, 1))
}
}
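Review bot: The new `CookieDomain` field in `Options` is documented only as `// Cookie domain.`, which hides that a non-empty value changes which hosts can see and set the CSRF cookie. Once `opt.CookieDomain` is passed to `ctx.SetCookie` in `Generate`, a browser scopes the cookie to that domain and its subdomains rather than to the issuing host alone, so the token is only as well protected as the weakest host under that domain. I would say so on the field, e.g. `// Cookie domain. Empty (the default) keeps the cookie host-only; a non-empty value shares the CSRF cookie with every subdomain of it.` The bodies of `Options` and `Generate` continue outside the hunks shown, so whether the value is validated elsewhere cannot be seen here.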


@ -50,7 +50,7 @@ func generateTokenAtTime(key, userID, actionID string, now time.Time) string {
h := hmac.New(sha1.New, []byte(key))
fmt.Fprintf(h, "%s:%s:%d", clean(userID), clean(actionID), now.UnixNano())
tok := fmt.Sprintf("%s:%d", h.Sum(nil), now.UnixNano())
return base64.URLEncoding.EncodeToString([]byte(tok))
return base64.RawURLEncoding.EncodeToString([]byte(tok))
}
// Valid returns true if token is a valid, unexpired token returned by Generate.
@ -61,7 +61,7 @@ func ValidToken(token, key, userID, actionID string) bool {
// validTokenAtTime is like Valid, but it uses now to check if the token is expired.
func validTokenAtTime(token, key, userID, actionID string, now time.Time) bool {
// Decode the token.
data, err := base64.URLEncoding.DecodeString(token)
data, err := base64.RawURLEncoding.DecodeString(token)
if err != nil {
return false
}
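Review bot: Tokens issued before this change will stop validating, because `base64.RawURLEncoding.DecodeString` in `validTokenAtTime` rejects the `=` padding that `base64.URLEncoding` emitted in `generateTokenAtTime` whenever the raw token length is not a multiple of three. The failure is closed (`return false`), so the effect is presumably rejected form posts until the client receives a fresh token, not a bypass. Neither the code nor the commit message mentions it, so I would record it at the decode site: `// Tokens are unpadded base64url; a token carrying '=' padding (as issued before this change) fails to decode and is rejected.` The body of `validTokenAtTime` continues outside the hunk, so how the decoded data is compared afterwards is not visible here.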