Golang : Gorilla web tool kit secure cookie example


11879 views 20th July 2015


Sometimes we need to track user payment status and store the items to be purchased in the browser's cookies cache/jar. It will be wise to encrypt the cookie so that it cannot be manipulated or forged. For example, a malicious buyer will add 3 more items into the cart but only pay for 1 item during check out.

The code below is an example on how to use the Gorilla web tool kit secure cookie package. The cookie is encrypted in the SetCookieHandler() and the decrypted in the ReadCookieHandler().

 package main

 import (
 "fmt"
 "github.com/gorilla/mux"
 "github.com/gorilla/securecookie"
 "net/http"
 )

 //var hashKey = []byte("very-secret")

 //var blockKey = []byte("a-lot-secret")

 //var sc = securecookie.New(hashKey, blockKey)

 var sc = securecookie.New(securecookie.GenerateRandomKey(64), securecookie.GenerateRandomKey(32))



 func SetCookieHandler(w http.ResponseWriter, r *http.Request) {

 value := map[string]string{
 "name": "username",
 }

 if encoded, err := sc.Encode("cookie-name", value); err == nil {
 cookie := &http.Cookie{
 Name:  "cookie-name",
 Value: encoded,
 Path:  "/",
 }

 http.SetCookie(w, cookie)
 }

 // inspect your cookie cache within your browser...
 w.Write([]byte(fmt.Sprintf("Cookie encoded. Inspect your browser's cookies cache")))
 }

 func ReadCookieHandler(w http.ResponseWriter, r *http.Request) {

 w.Write([]byte(fmt.Sprintf("Decoding cookie ")))
 // retrieve cookie from request

 if cookie, err := r.Cookie("cookie-name"); err == nil {
 value := make(map[string]string)

 if err = sc.Decode("cookie-name", cookie.Value, &value); err == nil {
 w.Write([]byte(fmt.Sprintf("The value of name is %v \n", value["name"])))
 }
 }

 }

 func main() {
 mx := mux.NewRouter()

 mx.HandleFunc("/", SetCookieHandler)
 mx.HandleFunc("/get", ReadCookieHandler)

 http.ListenAndServe(":8080", mx)
 }

Visit the localhost:8080 and you should see this message :

Cookie encoded. Inspect your browser's cookies cache

Under Chrome, the steps are right-click on the page, Inspect Element and click on the Resources tab. You should be able to see a cookie with the name "cookie-name" and some unreadable value.

and visit localhost:8080/get to decrypt the encrypted cookie value.

Hope this helps!

References :

http://www.gorillatoolkit.org/pkg/securecookie

http://golang.org/pkg/net/http/#SetCookie

  See also : Golang : How to feed or take banana with Gorilla Web Toolkit Session package





By Adam Ng

IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.


Advertisement

Tutorials

+9.7k Golang : Apply Histogram Equalization to color images


+3.7k Java : Get FX sentiment from website example


+14.9k Golang : GUI with Qt and OpenCV to capture image from camera


+11.1k Golang : Removes punctuation or defined delimiter from the user's input


+5.5k Golang : fmt.Println prints out empty data from struct


+8.5k Golang : Number guessing game with user input verification example


+7.4k Ubuntu : connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream


+20.5k Golang : How to get own program name during runtime ?


+22.5k Golang : Read directory content with filepath.Walk()


+28.2k Golang : Move file to another directory


+4.5k Linux/MacOSX : Search and delete files by extension


+6.8k Golang : Warp text string by number of characters or runes example