Adding upstream version 2.52.6.

Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-05-17 06:50:16 +02:00 · 2025-05-17 06:50:16 +02:00 · 6d002e9543
commit 6d002e9543
parent a960158181
441 changed files with 95392 additions and 0 deletions
--- a/middleware/csrf/session_manager.go
+++ b/middleware/csrf/session_manager.go
@ -0,0 +1,68 @@
+package csrf
+
+import (
+	"time"
+
+	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/log"
+	"github.com/gofiber/fiber/v2/middleware/session"
+)
+
+type sessionManager struct {
+	key     string
+	session *session.Store
+}
+
+func newSessionManager(s *session.Store, k string) *sessionManager {
+	// Create new storage handler
+	sessionManager := &sessionManager{
+		key: k,
+	}
+	if s != nil {
+		// Use provided storage if provided
+		sessionManager.session = s
+	}
+	return sessionManager
+}
+
+// get token from session
+func (m *sessionManager) getRaw(c *fiber.Ctx, key string, raw []byte) []byte {
+	sess, err := m.session.Get(c)
+	if err != nil {
+		return nil
+	}
+	token, ok := sess.Get(m.key).(Token)
+	if ok {
+		if token.Expiration.Before(time.Now()) || key != token.Key || !compareTokens(raw, token.Raw) {
+			return nil
+		}
+		return token.Raw
+	}
+
+	return nil
+}
+
+// set token in session
+func (m *sessionManager) setRaw(c *fiber.Ctx, key string, raw []byte, exp time.Duration) {
+	sess, err := m.session.Get(c)
+	if err != nil {
+		return
+	}
+	// the key is crucial in crsf and sometimes a reference to another value which can be reused later(pool/unsafe values concept), so a copy is made here
+	sess.Set(m.key, &Token{key, raw, time.Now().Add(exp)})
+	if err := sess.Save(); err != nil {
+		log.Warn("csrf: failed to save session: ", err)
+	}
+}
+
+// delete token from session
+func (m *sessionManager) delRaw(c *fiber.Ctx) {
+	sess, err := m.session.Get(c)
+	if err != nil {
+		return
+	}
+	sess.Delete(m.key)
+	if err := sess.Save(); err != nil {
+		log.Warn("csrf: failed to save session: ", err)
+	}
+}