Skip to content

Commit

Permalink
xsrftoken: create no padding base64 string by RawURLEncoding
Browse files Browse the repository at this point in the history 
The XSRF token generation function creates the padded base64 string by
base64.URLEncoding, then removes the padding. It is equivalent to the
base64.RawURLEncoding but with more costs.

Change-Id: I9cf5ad94e9cf3dca9bbfc1b6818ab07d41acf417
GitHub-Last-Rev: a8263b5
GitHub-Pull-Request: #217
Reviewed-on: https://go-review.googlesource.com/c/net/+/599895
Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Commit-Queue: Damien Neil <dneil@google.com>
Commit-Queue: Ian Lance Taylor <iant@google.com>
  • Loading branch information
@ghosind @gopherbot
ghosind authored and gopherbot committed Jul 22, 2024
1 parent 032e4e4 commit 765c7e8
Showing 1 changed file with 2 additions and 3 deletions.
5 changes: 2 additions & 3 deletions xsrftoken/xsrf.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,10 +45,9 @@ func generateTokenAtTime(key, userID, actionID string, now time.Time) string {
h := hmac.New(sha1.New, []byte(key))
fmt.Fprintf(h, "%s:%s:%d", clean(userID), clean(actionID), milliTime)

// Get the padded base64 string then removing the padding.
// Get the no padding base64 string.
tok := string(h.Sum(nil))
tok = base64.URLEncoding.EncodeToString([]byte(tok))
tok = strings.TrimRight(tok, "=")
tok = base64.RawURLEncoding.EncodeToString([]byte(tok))

return fmt.Sprintf("%s:%d", tok, milliTime)
}
Expand Down

0 comments on commit 765c7e8

Please # to comment.