mirror of https://github.com/portainer/portainer
Kevan Ahlquist
parent
5bf922325a
commit
15d133324d
10
app/app.js
10
app/app.js
|
|
@ -25,6 +25,10 @@ angular.module('dockerui', [
|
|||
'volumes'])
|
||||
.config(['$routeProvider', '$httpProvider', function ($routeProvider, $httpProvider) {
|
||||
'use strict';
|
||||
|
||||
$httpProvider.defaults.xsrfCookieName = '_gorilla_csrf';
|
||||
$httpProvider.defaults.xsrfHeaderName = 'X-CSRF-Token';
|
||||
|
||||
$routeProvider.when('/', {
|
||||
templateUrl: 'app/components/dashboard/dashboard.html',
|
||||
controller: 'DashboardController'
|
||||
|
|
@ -79,7 +83,13 @@ angular.module('dockerui', [
|
|||
time: 10000
|
||||
});
|
||||
}
|
||||
console.log('response', response);
|
||||
return response;
|
||||
},
|
||||
request: function(config) {
|
||||
console.log(document.cookie);
|
||||
console.log('request', config);
|
||||
return config;
|
||||
}
|
||||
};
|
||||
});
|
||||
|
|
|
|||
25
dockerui.go
25
dockerui.go
|
|
@ -10,12 +10,19 @@ import (
|
|||
"net/url"
|
||||
"os"
|
||||
"strings"
|
||||
"github.com/gorilla/csrf"
|
||||
"github.com/gorilla/securecookie"
|
||||
)
|
||||
|
||||
var (
|
||||
endpoint = flag.String("e", "/var/run/docker.sock", "Dockerd endpoint")
|
||||
addr = flag.String("p", ":9000", "Address and port to serve dockerui")
|
||||
assets = flag.String("a", ".", "Path to the assets")
|
||||
CSRF = csrf.Protect(
|
||||
[]byte(securecookie.GenerateRandomKey(32)),
|
||||
csrf.HttpOnly(false),
|
||||
csrf.Secure(false),
|
||||
)
|
||||
)
|
||||
|
||||
type UnixHandler struct {
|
||||
|
|
@ -87,7 +94,23 @@ func createHandler(dir string, e string) http.Handler {
|
|||
|
||||
mux.Handle("/dockerapi/", http.StripPrefix("/dockerapi", h))
|
||||
mux.Handle("/", fileHandler)
|
||||
return mux
|
||||
return logWrapper(CSRF(mux))
|
||||
}
|
||||
|
||||
func logWrapper(h http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
log.Println("Request starting: " + r.URL.Path)
|
||||
c, err := r.Cookie ("_gorilla_csrf")
|
||||
if err != nil {
|
||||
log.Println("Unable to find session cookie _gorilla_csrf")
|
||||
h.ServeHTTP(w, r)
|
||||
} else {
|
||||
log.Println("Cookie:" + c.Value)
|
||||
log.Println("Header:" + r.Header.Get("X-CSRF-Token"))
|
||||
h.ServeHTTP(w, r)
|
||||
log.Println("Request ending")
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func main() {
|
||||
|
|
|
|||
Loading…
Reference in New Issue