From 15d133324d22e84e3c2839d19b112a96ced4dd66 Mon Sep 17 00:00:00 2001
From: Kevan Ahlquist
Date: Thu, 31 Mar 2016 23:54:12 -0500
Subject: [PATCH] add gorilla/csrf #199

---
 app/app.js | 10 ++++++++++
 dockerui.go | 25 ++++++++++++++++++++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/app/app.js b/app/app.js
index 43b2e523b..a9d2e068f 100644
--- a/app/app.js
+++ b/app/app.js
@@ -25,6 +25,10 @@ angular.module('dockerui', [
 'volumes'])
 .config(['$routeProvider', '$httpProvider', function ($routeProvider, $httpProvider) {
 'use strict';
+
+ $httpProvider.defaults.xsrfCookieName = '_gorilla_csrf';
+ $httpProvider.defaults.xsrfHeaderName = 'X-CSRF-Token';
+
 $routeProvider.when('/', {
 templateUrl: 'app/components/dashboard/dashboard.html',
 controller: 'DashboardController'
@@ -79,7 +83,13 @@ angular.module('dockerui', [
 time: 10000
 });
 }
+ console.log('response', response);
 return response;
+ },
+ request: function(config) {
+ console.log(document.cookie);
+ console.log('request', config);
+ return config;
 }
 };
 });
diff --git a/dockerui.go b/dockerui.go
index 496308d30..b72304f49 100644
--- a/dockerui.go
+++ b/dockerui.go
@@ -10,12 +10,19 @@ import (
 "net/url"
 "os"
 "strings"
+ "github.com/gorilla/csrf"
+ "github.com/gorilla/securecookie"
 )
 
 var (
 endpoint = flag.String("e", "/var/run/docker.sock", "Dockerd endpoint")
 addr = flag.String("p", ":9000", "Address and port to serve dockerui")
 assets = flag.String("a", ".", "Path to the assets")
+ CSRF = csrf.Protect(
+ []byte(securecookie.GenerateRandomKey(32)),
+ csrf.HttpOnly(false),
+ csrf.Secure(false),
+ )
 )
 
 type UnixHandler struct {
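Review bot: Pointing Angular's XSRF support at the `_gorilla_csrf` cookie is unlikely to yield a token the server accepts: as I read gorilla/csrf, that cookie holds the securecookie-encoded base token while the `X-CSRF-Token` header is expected to carry the masked token the server hands out through `csrf.Token(r)`, so copying the cookie value into the header would be rejected on every state-changing request. The usual arrangement is for the server to expose the masked token to the page (for example in a response header set by a handler running inside the `CSRF` middleware) and for the client to send that, which also lets the cookie stay HttpOnly. If the cookie-copy approach is nevertheless intended, a comment above the two `$httpProvider.defaults` lines such as `// gorilla/csrf: the header token must come from csrf.Token(), not the cookie value` would stop the next reader from repeating the investigation. The enclosing `.config` callback continues outside the hunk.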
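Review bot: The new `request` interceptor and the added `console.log('response', response)` read as debugging left in: `console.log(document.cookie)` prints the `_gorilla_csrf` cookie to the browser console on every request, and the full config and response objects are dumped alongside it. Remove the three `console.log` calls before merging; if the `request` hook is meant to stay as an extension point, keep it as the bare pass-through `request: function(config) { return config; }`. The interceptor factory this sits in starts before the hunk.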
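Review bot: `securecookie.GenerateRandomKey(32)` returns nil when it cannot read random bytes, and the `var` block feeds that result straight into `csrf.Protect`, so the process would start with an unusable key instead of failing fast; build the middleware in `main` after `flag.Parse()` and check the key first: `key := securecookie.GenerateRandomKey(32)` / `if key == nil { log.Fatal("generating CSRF key") }`. The surrounding `[]byte(...)` conversion is redundant because the key is already a `[]byte`. `csrf.Secure(false)` lets the cookie travel over plain HTTP, which matches the unencrypted listener on `-p :9000`, but a comment on that line (`// listener has no TLS, so the cookie cannot be marked Secure`) would keep it from being read as an oversight. Style: the two gorilla imports belong in their own group after the standard library, and an unexported `csrfProtect` reads better than the exported package-level `CSRF`. Since the key is generated per process, tokens issued before a restart will not validate afterwards, which is worth a line in the var block.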
@@ -87,7 +94,23 @@ func createHandler(dir string, e string) http.Handler {
 mux.Handle("/dockerapi/", http.StripPrefix("/dockerapi", h))
 mux.Handle("/", fileHandler)
 
- return mux
+ return logWrapper(CSRF(mux))
+}
+
+func logWrapper(h http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ log.Println("Request starting: " + r.URL.Path)
+ c, err := r.Cookie ("_gorilla_csrf")
+ if err != nil {
+ log.Println("Unable to find session cookie _gorilla_csrf")
+ h.ServeHTTP(w, r)
+ } else {
+ log.Println("Cookie:" + c.Value)
+ log.Println("Header:" + r.Header.Get("X-CSRF-Token"))
+ h.ServeHTTP(w, r)
+ log.Println("Request ending")
+ }
+ })
 }
 
 func main() {
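Review bot: `logWrapper` writes the `_gorilla_csrf` cookie value and the submitted `X-CSRF-Token` to the server log on every request, so anyone with read access to the log holds live tokens; log only whether they are present. Both branches call `h.ServeHTTP`, and "Request ending" is logged only on the cookie-present path, so the `if`/`else` can collapse into a single straight-line body. `r.Cookie ("_gorilla_csrf")` also needs `gofmt` (no space before the parenthesis). A doc comment would help: `// logWrapper logs each request and whether the CSRF cookie and header were sent, then delegates to h.`
```go
func logWrapper(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Record presence of the CSRF cookie and header, never their values.
		_, err := r.Cookie("_gorilla_csrf")
		log.Printf("%s %s csrf_cookie=%t csrf_header=%t", r.Method, r.URL.Path, err == nil, r.Header.Get("X-CSRF-Token") != "")
		h.ServeHTTP(w, r)
		log.Printf("%s %s done", r.Method, r.URL.Path)
	})
}
```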