replace zxq.co/ripple/hanayo

services/cieca/csrf.go

@@ -0,0 +1,40 @@
+package cieca
+
+import (
+	"strconv"
+	"time"
+
+	"github.com/thehowl/cieca"
+	"github.com/osuYozora/hanayo/services"
+	"zxq.co/x/rs"
+)
+
+// NewCSRF creates a new CSRF service as described in the services.CSRF
+// interface.
+func NewCSRF() services.CSRF {
+	return &ciecaCSRF{
+		DataStore: new(cieca.DataStore),
+	}
+}
+
+type ciecaCSRF struct {
+	*cieca.DataStore
+}
+
+func (c *ciecaCSRF) Generate(u int) (string, error) {
+	var s string
+	for {
+		s = rs.String(10)
+		_, e := c.GetWithExist(s)
+		if !e {
+			break
+		}
+	}
+	c.SetWithExpiration(strconv.Itoa(u)+s, nil, time.Minute*15)
+	return s, nil
+}
+
+func (c *ciecaCSRF) Validate(u int, token string) (bool, error) {
+	_, e := c.GetWithExist(strconv.Itoa(u) + token)
+	return e, nil
+}

services/cieca/csrf_test.go

@@ -0,0 +1,20 @@
+package cieca
+
+import (
+	"testing"
+)
+
+func TestCSRF(t *testing.T) {
+	c := NewCSRF()
+	tok, err := c.Generate(1009)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ok, err := c.Validate(1009, tok)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !ok {
+		t.Fatal("ok is false")
+	}
+}

services/csrf.go

@@ -0,0 +1,10 @@
+package services
+
+// CSRF is a service that avoids Cross Site Request Forgery by giving tokens
+// that will then be used to make sure no third party is interfering.
+type CSRF interface {
+	// Generate generates a new CSRF token for an user.
+	Generate(userID int) (string, error)
+	// Validate checks the CSRF token is valid, and if it is it deletes it.
+	Validate(userID int, key string) (bool, error)
+}

services/database.go

@@ -0,0 +1,6 @@
+package services
+
+// A Database should provide a reliable datastore in which to store the data
+// required for Hanayo to run.
+type Database interface {
+}