| 45 | } |
| 46 | |
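// validateCSRFCookie checks that the CSRF value carried by the session cookie
// named name matches expectedCSRF, the value persisted in the data store.
//
// The cookie is loaded through getCSRFCookie (ctx, r, store, conf and name are
// passed straight through). Every failure is reported as
// fosite.ErrRequestForbidden, wrapped with a stack trace, whose hint names the
// step that failed; nil is returned only when both values are present and equal.
func validateCSRFCookie(ctx context.Context, r *http.Request, conf x.CookieConfigProvider, store sessions.Store, name, expectedCSRF string) error {
	// Fail closed: without this guard an empty expected value could be accepted
	// whenever the session's "csrf" entry is empty as well.
	if expectedCSRF == "" {
		return errors.WithStack(fosite.ErrRequestForbidden.WithHint("No CSRF value available in the data store."))
	}

	cookie, err := getCSRFCookie(ctx, r, store, conf, name)
	if err != nil {
		return errors.WithStack(fosite.ErrRequestForbidden.WithHint("CSRF session cookie could not be decoded."))
	}

	csrf, err := mapx.GetString(cookie.Values, "csrf")
	if err != nil {
		return errors.WithStack(fosite.ErrRequestForbidden.WithHint("No CSRF value available in the session cookie."))
	}

	// NOTE(review): this is a plain string comparison, not constant-time; if the
	// file's imports are extended, crypto/subtle.ConstantTimeCompare is the
	// safer choice for comparing secrets.
	if csrf != expectedCSRF {
		return errors.WithStack(fosite.ErrRequestForbidden.WithHint("The CSRF value from the token does not match the CSRF value from the data store."))
	}

	return nil
}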
| 58 | |
| 59 | func getCSRFCookie(ctx context.Context, r *http.Request, store sessions.Store, conf x.CookieConfigProvider, name string) (*sessions.Session, error) { |
| 60 | cookie, err := store.Get(r, name) |