Updated to support Revel release 0.21.0, revel.TRACE is deprecated.

akensho · akensho · commit e7471011f1e5 · 2018-11-21T20:44:04.000+09:00
diff --git a/csrf.go b/csrf.go
@@ -29,19 +29,19 @@ var CSRFFilter = func(c *revel.Controller, fc []revel.Filter) {
 
 	// [OWASP]; General Recommendation: Synchronizer Token Pattern:
 	// CSRF tokens must be associated with the user's current session.
-	tokenCookie, found := c.Session[cookieName]
+	tokenCookie, found := c.Session[cookieName].(string)
 	realToken := ""
 	if !found {
 		realToken = generateNewToken(c)
 	} else {
 		realToken = tokenCookie
-		revel.TRACE.Printf("REVEL-CSRF: Session's token: '%s'\n", realToken)
+		revel.AppLog.Debugf("REVEL-CSRF: Session's token: '%s'\n", realToken)
 		if len(realToken) != lengthCSRFToken {
 			// Wrong length; token has either been tampered with, we're migrating
 			// onto a new algorithm for generating tokens, or a new session has
 			// been initiated. In any case, a new token is generated and the
 			// error will be detected later.
-			revel.TRACE.Printf("REVEL_CSRF: Bad token length: found %d, expected %d",
+			revel.AppLog.Debugf("REVEL_CSRF: Bad token length: found %d, expected %d",
 				len(realToken), lengthCSRFToken)
 			realToken = generateNewToken(c)
 		}
@@ -52,7 +52,7 @@ var CSRFFilter = func(c *revel.Controller, fc []revel.Filter) {
 	// See http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#Safe_methods
 	unsafeMethod := !safeMethods.MatchString(r.Method)
 	if unsafeMethod && !IsExempted(r.URL.Path) {
-		revel.TRACE.Printf("REVEL-CSRF: Processing unsafe '%s' method...", r.Method)
+		revel.AppLog.Debugf("REVEL-CSRF: Processing unsafe '%s' method...", r.Method)
 		if r.URL.Scheme == "https" {
 			// See [OWASP]; Checking the Referer Header.
 			referer, err := url.Parse(r.Header.Get("Referer"))
@@ -80,7 +80,7 @@ var CSRFFilter = func(c *revel.Controller, fc []revel.Filter) {
 			// Get CSRF token from form.
 			sentToken = c.Params.Get(fieldName)
 		}
-		revel.TRACE.Printf("REVEL-CSRF: Token received from client: '%s'", sentToken)
+		revel.AppLog.Debugf("REVEL-CSRF: Token received from client: '%s'", sentToken)
 
 		if len(sentToken) != len(realToken) {
 			c.Result = c.Forbidden(errBadToken)
@@ -91,7 +91,7 @@ var CSRFFilter = func(c *revel.Controller, fc []revel.Filter) {
 			c.Result = c.Forbidden(errBadToken)
 			return
 		}
-		revel.TRACE.Println("REVEL-CSRF: Token successfully checked.")
+		revel.AppLog.Debugf("REVEL-CSRF: Token successfully checked.")
 	}
 
 	fc[0](c, fc[1:])
diff --git a/exemptions.go b/exemptions.go
@@ -35,7 +35,7 @@ func IsExempted(path string) bool {
 	_, found := exemptionsFullPath.list[path]
 	exemptionsFullPath.RUnlock()
 	if found {
-		revel.TRACE.Printf("REVEL-CSRF: Ignoring exempted route '%s'...\n", path)
+		revel.AppLog.Debugf("REVEL-CSRF: Ignoring exempted route '%s'...\n", path)
 		return true
 	}
 
@@ -48,7 +48,7 @@ func IsExempted(path string) bool {
 			panic(fmt.Sprintf("REVEL-CSRF: malformed glob pattern: %#v", err))
 		}
 		if found {
-			revel.TRACE.Printf("REVEL-CSRF: Ignoring exempted route '%s'...", path)
+			revel.AppLog.Debugf("REVEL-CSRF: Ignoring exempted route '%s'...", path)
 			return true
 		}
 	}
@@ -57,7 +57,7 @@ func IsExempted(path string) bool {
 
 // ExemptedFullPath exempts one exact path from CSRF checks.
 func ExemptedFullPath(path string) {
-	revel.TRACE.Printf("REVEL-CSRF: Adding exemption '%s'...\n", path)
+	revel.AppLog.Debugf("REVEL-CSRF: Adding exemption '%s'...\n", path)
 	exemptionsFullPath.Lock()
 	exemptionsFullPath.list[path] = struct{}{}
 	exemptionsFullPath.Unlock()
@@ -73,7 +73,7 @@ func ExemptedFullPaths(paths ...string) {
 // ExemptedGlob exempts one path from CSRF checks using pattern matching.
 // See http://golang.org/pkg/path/#Match
 func ExemptedGlob(path string) {
-	revel.TRACE.Printf("REVEL-CSRF: Adding exemption GLOB '%s'...\n", path)
+	revel.AppLog.Debugf("REVEL-CSRF: Adding exemption GLOB '%s'...\n", path)
 	exemptionsGlobs.Lock()
 	exemptionsGlobs.list = append(exemptionsGlobs.list, path)
 	exemptionsGlobs.Unlock()
diff --git a/tokengen.go b/tokengen.go
@@ -23,7 +23,7 @@ func generateNewToken(c *revel.Controller) (token string) {
 	// Due to base64 encoding, CSRF tokens cannot have null bytes and therefore
 	// can safely be used as session values in Revel.
 	token = base64.StdEncoding.EncodeToString(bytes)
-	revel.TRACE.Printf("REVEL-CSRF: Generated new Token: '%s'\n", token)
+	revel.AppLog.Debugf("REVEL-CSRF: Generated new Token: '%s'\n", token)
 	c.Session[cookieName] = token
 	return
 }

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ func generateNewToken(c *revel.Controller) (token string) {`
`23`	`23`	`// Due to base64 encoding, CSRF tokens cannot have null bytes and therefore`
`24`	`24`	`// can safely be used as session values in Revel.`
`25`	`25`	`token = base64.StdEncoding.EncodeToString(bytes)`
`26`		`- revel.TRACE.Printf("REVEL-CSRF: Generated new Token: '%s'\n", token)`
	`26`	`+ revel.AppLog.Debugf("REVEL-CSRF: Generated new Token: '%s'\n", token)`
`27`	`27`	`c.Session[cookieName] = token`
`28`	`28`	`return`
`29`	`29`	`}`