Replace CSRF token with tokens based on the user's ID.
[kraftakt.git] / app / user.go
index 9fe7e5d..3f5b97e 100644 (file)
@@ -2,6 +2,9 @@ package app
 
 import (
        "context"
+       "crypto/hmac"
+       "crypto/sha1"
+       "encoding/hex"
        "fmt"
        "net/http"
        "sync"
@@ -116,6 +119,13 @@ func (u *User) String() string {
        return u.Email
 }
 
+func (u *User) Sign(payload string) string {
+       mac := hmac.New(sha1.New, []byte(u.ID))
+       mac.Write([]byte(payload))
+
+       return hex.EncodeToString(mac.Sum(nil))
+}
+
 type persistingTokenSource struct {
        ctx context.Context
        t   *oauth2.Token
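Review bot: `Sign` keys the HMAC with `u.ID` in `hmac.New(sha1.New, []byte(u.ID))`, so the resulting CSRF token is only as secret as the user ID; how `u.ID` is generated and where it is exposed is not visible in this hunk, but an identifier is normally not treated as key material. The key should be a server-side secret with the ID bound into the message instead, for example `mac := hmac.New(sha256.New, serverSecret)` followed by `mac.Write([]byte(u.ID + "\x00" + payload))`, where `serverSecret` is a placeholder for a value loaded from configuration and `crypto/sha256` replaces the `crypto/sha1` import added in the first hunk. The code that checks the token is outside this diff; it should compare the decoded MACs with `hmac.Equal` rather than `==` on the hex strings, so the comparison is constant-time. Since the method is exported, it also wants a doc comment such as `// Sign returns the hex-encoded HMAC of payload for this user.`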