add CSRF checking

author: Brian Picciano <mediocregopher@gmail.com> 2021-08-29 22:15:58 -0600
committer: Brian Picciano <mediocregopher@gmail.com> 2021-08-29 22:15:58 -0600
commit: 15ae483fadbd136acefcd602b2f2ac5a83165c73 (patch)
tree: 0f25ed1dd81e4fffeed6055dd02da48a567c8fb2 /srv/api/utils.go
parent: 5746a510fc569fd464e46b646d4979a976ad769b (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/srv/api/utils.go b/srv/api/utils.go
index 7662e17..2cf40b6 100644
--- a/srv/api/utils.go
+++ b/srv/api/utils.go
@@ -2,7 +2,11 @@ package api
 
 import (
 	"context"
+	"crypto/rand"
+	"encoding/hex"
 	"encoding/json"
+	"errors"
+	"fmt"
 	"net/http"
 	"strconv"
 
@@ -66,3 +70,22 @@ func strToInt(str string, defaultVal int) (int, error) {
 	}
 	return strconv.Atoi(str)
 }
+
+func getCookie(r *http.Request, cookieName, defaultVal string) (string, error) {
+	c, err := r.Cookie(cookieName)
+	if errors.Is(err, http.ErrNoCookie) {
+		return defaultVal, nil
+	} else if err != nil {
+		return "", fmt.Errorf("reading cookie %q: %w", cookieName, err)
+	}
+
+	return c.Value, nil
+}
+
+func randStr(numBytesEntropy int) string {
+	b := make([]byte, numBytesEntropy)
+	if _, err := rand.Read(b); err != nil {
+		panic(err)
+	}
+	return hex.EncodeToString(b)
+}
author	Brian Picciano <mediocregopher@gmail.com>	2021-08-29 22:15:58 -0600
committer	Brian Picciano <mediocregopher@gmail.com>	2021-08-29 22:15:58 -0600
commit	15ae483fadbd136acefcd602b2f2ac5a83165c73 (patch)
tree	0f25ed1dd81e4fffeed6055dd02da48a567c8fb2 /srv/api/utils.go
parent	5746a510fc569fd464e46b646d4979a976ad769b (diff)