Add a page for revoking certs

Add a template for revocation

Use DATETIME type to store created/expires times

Require auth for the /admin and /revoke endpoints

15 files changed, 1656 insertions, 0 deletions

diff --git a/vendor/github.com/gorilla/csrf/LICENSE b/vendor/github.com/gorilla/csrf/LICENSE
new file mode 100644
index 0000000..f407b7f
--- /dev/null
+++ b/vendor/github.com/gorilla/csrf/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2015, Matt Silverlock (matt@eatsleeprepeat.net) All rights
+reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation and/or
+other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors
+may be used to endorse or promote products derived from this software without
+specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/gorilla/csrf/README.md b/vendor/github.com/gorilla/csrf/README.md
new file mode 100644
index 0000000..02e4f42
--- /dev/null
+++ b/vendor/github.com/gorilla/csrf/README.md
@@ -0,0 +1,232 @@
+# gorilla/csrf
+[![GoDoc](https://godoc.org/github.com/gorilla/csrf?status.svg)](https://godoc.org/github.com/gorilla/csrf) [![Build Status](https://travis-ci.org/gorilla/csrf.svg?branch=master)](https://travis-ci.org/gorilla/csrf)
+
+gorilla/csrf is a HTTP middleware library that provides [cross-site request
+forgery](http://blog.codinghorror.com/preventing-csrf-and-xsrf-attacks/) (CSRF)
+ protection. It includes:
+
+* The `csrf.Protect` middleware/handler provides CSRF protection on routes
+  attached to a router or a sub-router.
+* A `csrf.Token` function that provides the token to pass into your response,
+  whether that be a HTML form or a JSON response body.
+* ... and a `csrf.TemplateField` helper that you can pass into your `html/template`
+  templates to replace a `{{ .csrfField }}` template tag with a hidden input
+  field.
+
+gorilla/csrf is designed to work with any Go web framework, including:
+
+* The [Gorilla](http://www.gorillatoolkit.org/) toolkit
+* Go's built-in [net/http](http://golang.org/pkg/net/http/) package
+* [Goji](https://goji.io) - see the [tailored fork](https://github.com/goji/csrf)
+* [Gin](https://github.com/gin-gonic/gin)
+* [Echo](https://github.com/labstack/echo)
+* ... and any other router/framework that rallies around Go's `http.Handler` interface.
+
+gorilla/csrf is also compatible with middleware 'helper' libraries like
+[Alice](https://github.com/justinas/alice) and [Negroni](https://github.com/codegangsta/negroni).
+
+## Install
+
+With a properly configured Go toolchain:
+```sh
+go get github.com/gorilla/csrf
+```
+
+## Examples
+
+* [HTML Forms](#html-forms)
+* [JavaScript Apps](#javascript-applications)
+* [Google App Engine](#google-app-engine)
+* [Setting Options](#setting-options)
+
+gorilla/csrf is easy to use: add the middleware to your router with
+the below:
+
+```go
+CSRF := csrf.Protect([]byte("32-byte-long-auth-key"))
+http.ListenAndServe(":8000", CSRF(r))
+```
+
+...and then collect the token with `csrf.Token(r)` in your handlers before
+passing it to the template, JSON body or HTTP header (see below).
+
+Note that the authentication key passed to `csrf.Protect([]byte(key))` should be
+32-bytes long and persist across application restarts. Generating a random key
+won't allow you to authenticate existing cookies and will break your CSRF
+validation.
+
+gorilla/csrf inspects the HTTP headers (first) and form body (second) on
+subsequent POST/PUT/PATCH/DELETE/etc. requests for the token.
+
+### HTML Forms
+
+Here's the common use-case: HTML forms you want to provide CSRF protection for,
+in order to protect malicious POST requests being made:
+
+```go
+package main
+
+import (
+    "net/http"
+
+    "github.com/gorilla/csrf"
+    "github.com/gorilla/mux"
+)
+
+func main() {
+    r := mux.NewRouter()
+    r.HandleFunc("/signup", ShowSignupForm)
+    // All POST requests without a valid token will return HTTP 403 Forbidden.
+    r.HandleFunc("/signup/post", SubmitSignupForm)
+
+    // Add the middleware to your router by wrapping it.
+    http.ListenAndServe(":8000",
+        csrf.Protect([]byte("32-byte-long-auth-key"))(r))
+    // PS: Don't forget to pass csrf.Secure(false) if you're developing locally
+    // over plain HTTP (just don't leave it on in production).
+}
+
+func ShowSignupForm(w http.ResponseWriter, r *http.Request) {
+    // signup_form.tmpl just needs a {{ .csrfField }} template tag for
+    // csrf.TemplateField to inject the CSRF token into. Easy!
+    t.ExecuteTemplate(w, "signup_form.tmpl", map[string]interface{
+        csrf.TemplateTag: csrf.TemplateField(r),
+    })
+    // We could also retrieve the token directly from csrf.Token(r) and
+    // set it in the request header - w.Header.Set("X-CSRF-Token", token)
+    // This is useful if your sending JSON to clients or a front-end JavaScript
+    // framework.
+}
+
+func SubmitSignupForm(w http.ResponseWriter, r *http.Request) {
+    // We can trust that requests making it this far have satisfied
+    // our CSRF protection requirements.
+}
+```
+
+Note that the CSRF middleware will (by necessity) consume the request body if the
+token is passed via POST form values. If you need to consume this in your
+handler, insert your own middleware earlier in the chain to capture the request
+body.
+
+### JavaScript Applications
+
+This approach is useful if you're using a front-end JavaScript framework like
+React, Ember or Angular, or are providing a JSON API.
+
+We'll also look at applying selective CSRF protection using
+[gorilla/mux's](http://www.gorillatoolkit.org/pkg/mux) sub-routers,
+as we don't handle any POST/PUT/DELETE requests with our top-level router.
+
+```go
+package main
+
+import (
+    "github.com/gorilla/csrf"
+    "github.com/gorilla/mux"
+)
+
+func main() {
+    r := mux.NewRouter()
+
+    api := r.PathPrefix("/api").Subrouter()
+    api.HandleFunc("/user/:id", GetUser).Methods("GET")
+
+    http.ListenAndServe(":8000",
+        csrf.Protect([]byte("32-byte-long-auth-key"))(r))
+}
+
+func GetUser(w http.ResponseWriter, r *http.Request) {
+    // Authenticate the request, get the id from the route params,
+    // and fetch the user from the DB, etc.
+
+    // Get the token and pass it in the CSRF header. Our JSON-speaking client
+    // or JavaScript framework can now read the header and return the token in
+    // in its own "X-CSRF-Token" request header on the subsequent POST.
+    w.Header().Set("X-CSRF-Token", csrf.Token(r))
+    b, err := json.Marshal(user)
+    if err != nil {
+        http.Error(w, err.Error(), 500)
+        return
+    }
+
+    w.Write(b)
+}
+```
+
+### Google App Engine
+
+If you're using [Google App
+Engine](https://cloud.google.com/appengine/docs/go/how-requests-are-handled#Go_Requests_and_HTTP),
+which doesn't allow you to hook into the default `http.ServeMux` directly,
+you can still use gorilla/csrf (and gorilla/mux):
+
+```go
+package app
+
+// Remember: appengine has its own package main
+func init() {
+    r := mux.NewRouter()
+    r.HandleFunc("/", IndexHandler)
+    // ...
+
+    // We pass our CSRF-protected router to the DefaultServeMux
+    http.Handle("/", csrf.Protect([]byte(your-key))(r))
+}
+```
+
+### Setting Options
+
+What about providing your own error handler and changing the HTTP header the
+package inspects on requests? (i.e. an existing API you're porting to Go). Well,
+gorilla/csrf provides options for changing these as you see fit:
+
+```go
+func main() {
+    CSRF := csrf.Protect(
+            []byte("a-32-byte-long-key-goes-here"),
+            csrf.RequestHeader("Authenticity-Token"),
+            csrf.FieldName("authenticity_token"),
+            csrf.ErrorHandler(http.HandlerFunc(serverError(403))),
+    )
+
+    r := mux.NewRouter()
+    r.HandleFunc("/signup", GetSignupForm)
+    r.HandleFunc("/signup/post", PostSignupForm)
+
+    http.ListenAndServe(":8000", CSRF(r))
+}
+```
+
+Not too bad, right?
+
+If there's something you're confused about or a feature you would like to see
+added, open an issue.
+
+## Design Notes
+
+Getting CSRF protection right is important, so here's some background:
+
+* This library generates unique-per-request (masked) tokens as a mitigation
+  against the [BREACH attack](http://breachattack.com/).
+* The 'base' (unmasked) token is stored in the session, which means that
+  multiple browser tabs won't cause a user problems as their per-request token
+  is compared with the base token.
+* Operates on a "whitelist only" approach where safe (non-mutating) HTTP methods
+  (GET, HEAD, OPTIONS, TRACE) are the *only* methods where token validation is not
+  enforced.
+* The design is based on the battle-tested
+  [Django](https://docs.djangoproject.com/en/1.8/ref/csrf/) and [Ruby on
+  Rails](http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html)
+  approaches.
+* Cookies are authenticated and based on the [securecookie](https://github.com/gorilla/securecookie)
+  library. They're also Secure (issued over HTTPS only) and are HttpOnly
+  by default, because sane defaults are important.
+* Go's `crypto/rand` library is used to generate the 32 byte (256 bit) tokens
+  and the one-time-pad used for masking them.
+
+This library does not seek to be adventurous.
+
+## License
+
+BSD licensed. See the LICENSE file for details.
diff --git a/vendor/github.com/gorilla/csrf/context.go b/vendor/github.com/gorilla/csrf/context.go
new file mode 100644
index 0000000..fe47270
--- /dev/null
+++ b/vendor/github.com/gorilla/csrf/context.go
@@ -0,0 +1,25 @@
+// +build go1.7
+
+package csrf
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/pkg/errors"
+)
+
+func contextGet(r *http.Request, key string) (interface{}, error) {
+	val := r.Context().Value(key)
+	if val == nil {
+		return nil, errors.Errorf("no value exists in the context for key %q", key)
+	}
+
+	return val, nil
+}
+
+func contextSave(r *http.Request, key string, val interface{}) *http.Request {
+	ctx := r.Context()
+	ctx = context.WithValue(ctx, key, val)
+	return r.WithContext(ctx)
+}
diff --git a/vendor/github.com/gorilla/csrf/context_legacy.go b/vendor/github.com/gorilla/csrf/context_legacy.go
new file mode 100644
index 0000000..dabf0a6
--- /dev/null
+++ b/vendor/github.com/gorilla/csrf/context_legacy.go
@@ -0,0 +1,24 @@
+// +build !go1.7
+
+package csrf
+
+import (
+	"net/http"
+
+	"github.com/gorilla/context"
+
+	"github.com/pkg/errors"
+)
+
+func contextGet(r *http.Request, key string) (interface{}, error) {
+	if val, ok := context.GetOk(r, key); ok {
+		return val, nil
+	}
+
+	return nil, errors.Errorf("no value exists in the context for key %q", key)
+}
+
+func contextSave(r *http.Request, key string, val interface{}) *http.Request {
+	context.Set(r, key, val)
+	return r
+}
diff --git a/vendor/github.com/gorilla/csrf/csrf.go b/vendor/github.com/gorilla/csrf/csrf.go
new file mode 100644
index 0000000..dc4755e
--- /dev/null
+++ b/vendor/github.com/gorilla/csrf/csrf.go
@@ -0,0 +1,276 @@
+package csrf
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"github.com/pkg/errors"
+
+	"github.com/gorilla/context"
+	"github.com/gorilla/securecookie"
+)
+
+// CSRF token length in bytes.
+const tokenLength = 32
+
+// Context/session keys & prefixes
+const (
+	tokenKey     string = "gorilla.csrf.Token"
+	formKey      string = "gorilla.csrf.Form"
+	errorKey     string = "gorilla.csrf.Error"
+	skipCheckKey string = "gorilla.csrf.Skip"
+	cookieName   string = "_gorilla_csrf"
+	errorPrefix  string = "gorilla/csrf: "
+)
+
+var (
+	// The name value used in form fields.
+	fieldName = tokenKey
+	// defaultAge sets the default MaxAge for cookies.
+	defaultAge = 3600 * 12
+	// The default HTTP request header to inspect
+	headerName = "X-CSRF-Token"
+	// Idempotent (safe) methods as defined by RFC7231 section 4.2.2.
+	safeMethods = []string{"GET", "HEAD", "OPTIONS", "TRACE"}
+)
+
+// TemplateTag provides a default template tag - e.g. {{ .csrfField }} - for use
+// with the TemplateField function.
+var TemplateTag = "csrfField"
+
+var (
+	// ErrNoReferer is returned when a HTTPS request provides an empty Referer
+	// header.
+	ErrNoReferer = errors.New("referer not supplied")
+	// ErrBadReferer is returned when the scheme & host in the URL do not match
+	// the supplied Referer header.
+	ErrBadReferer = errors.New("referer invalid")
+	// ErrNoToken is returned if no CSRF token is supplied in the request.
+	ErrNoToken = errors.New("CSRF token not found in request")
+	// ErrBadToken is returned if the CSRF token in the request does not match
+	// the token in the session, or is otherwise malformed.
+	ErrBadToken = errors.New("CSRF token invalid")
+)
+
+type csrf struct {
+	h    http.Handler
+	sc   *securecookie.SecureCookie
+	st   store
+	opts options
+}
+
+// options contains the optional settings for the CSRF middleware.
+type options struct {
+	MaxAge int
+	Domain string
+	Path   string
+	// Note that the function and field names match the case of the associated
+	// http.Cookie field instead of the "correct" HTTPOnly name that golint suggests.
+	HttpOnly      bool
+	Secure        bool
+	RequestHeader string
+	FieldName     string
+	ErrorHandler  http.Handler
+	CookieName    string
+}
+
+// Protect is HTTP middleware that provides Cross-Site Request Forgery
+// protection.
+//
+// It securely generates a masked (unique-per-request) token that
+// can be embedded in the HTTP response (e.g. form field or HTTP header).
+// The original (unmasked) token is stored in the session, which is inaccessible
+// by an attacker (provided you are using HTTPS). Subsequent requests are
+// expected to include this token, which is compared against the session token.
+// Requests that do not provide a matching token are served with a HTTP 403
+// 'Forbidden' error response.
+//
+// Example:
+//	package main
+//
+//	import (
+//		"github.com/elithrar/protect"
+//		"github.com/gorilla/mux"
+//	)
+//
+//	func main() {
+//	  r := mux.NewRouter()
+//
+//	  mux.HandlerFunc("/signup", GetSignupForm)
+//	  // POST requests without a valid token will return a HTTP 403 Forbidden.
+//	  mux.HandlerFunc("/signup/post", PostSignupForm)
+//
+//	  // Add the middleware to your router.
+//	  http.ListenAndServe(":8000",
+//            // Note that the authentication key provided should be 32 bytes
+//            // long and persist across application restarts.
+//			  csrf.Protect([]byte("32-byte-long-auth-key"))(r))
+//	}
+//
+//	func GetSignupForm(w http.ResponseWriter, r *http.Request) {
+//		// signup_form.tmpl just needs a {{ .csrfField }} template tag for
+//		// csrf.TemplateField to inject the CSRF token into. Easy!
+//		t.ExecuteTemplate(w, "signup_form.tmpl", map[string]interface{
+//			csrf.TemplateTag: csrf.TemplateField(r),
+//		})
+//		// We could also retrieve the token directly from csrf.Token(r) and
+//		// set it in the request header - w.Header.Set("X-CSRF-Token", token)
+//		// This is useful if your sending JSON to clients or a front-end JavaScript
+//		// framework.
+//	}
+//
+func Protect(authKey []byte, opts ...Option) func(http.Handler) http.Handler {
+	return func(h http.Handler) http.Handler {
+		cs := parseOptions(h, opts...)
+
+		// Set the defaults if no options have been specified
+		if cs.opts.ErrorHandler == nil {
+			cs.opts.ErrorHandler = http.HandlerFunc(unauthorizedHandler)
+		}
+
+		if cs.opts.MaxAge < 0 {
+			// Default of 12 hours
+			cs.opts.MaxAge = defaultAge
+		}
+
+		if cs.opts.FieldName == "" {
+			cs.opts.FieldName = fieldName
+		}
+
+		if cs.opts.CookieName == "" {
+			cs.opts.CookieName = cookieName
+		}
+
+		if cs.opts.RequestHeader == "" {
+			cs.opts.RequestHeader = headerName
+		}
+
+		// Create an authenticated securecookie instance.
+		if cs.sc == nil {
+			cs.sc = securecookie.New(authKey, nil)
+			// Use JSON serialization (faster than one-off gob encoding)
+			cs.sc.SetSerializer(securecookie.JSONEncoder{})
+			// Set the MaxAge of the underlying securecookie.
+			cs.sc.MaxAge(cs.opts.MaxAge)
+		}
+
+		if cs.st == nil {
+			// Default to the cookieStore
+			cs.st = &cookieStore{
+				name:     cs.opts.CookieName,
+				maxAge:   cs.opts.MaxAge,
+				secure:   cs.opts.Secure,
+				httpOnly: cs.opts.HttpOnly,
+				path:     cs.opts.Path,
+				domain:   cs.opts.Domain,
+				sc:       cs.sc,
+			}
+		}
+
+		return cs
+	}
+}
+
+// Implements http.Handler for the csrf type.
+func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	// Skip the check if directed to. This should always be a bool.
+	if val, err := contextGet(r, skipCheckKey); err == nil {
+		if skip, ok := val.(bool); ok {
+			if skip {
+				cs.h.ServeHTTP(w, r)
+				return
+			}
+		}
+	}
+
+	// Retrieve the token from the session.
+	// An error represents either a cookie that failed HMAC validation
+	// or that doesn't exist.
+	realToken, err := cs.st.Get(r)
+	if err != nil || len(realToken) != tokenLength {
+		// If there was an error retrieving the token, the token doesn't exist
+		// yet, or it's the wrong length, generate a new token.
+		// Note that the new token will (correctly) fail validation downstream
+		// as it will no longer match the request token.
+		realToken, err = generateRandomBytes(tokenLength)
+		if err != nil {
+			envError(r, err)
+			cs.opts.ErrorHandler.ServeHTTP(w, r)
+			return
+		}
+
+		// Save the new (real) token in the session store.
+		err = cs.st.Save(realToken, w)
+		if err != nil {
+			envError(r, err)
+			cs.opts.ErrorHandler.ServeHTTP(w, r)
+			return
+		}
+	}
+
+	// Save the masked token to the request context
+	r = contextSave(r, tokenKey, mask(realToken, r))
+	// Save the field name to the request context
+	r = contextSave(r, formKey, cs.opts.FieldName)
+
+	// HTTP methods not defined as idempotent ("safe") under RFC7231 require
+	// inspection.
+	if !contains(safeMethods, r.Method) {
+		// Enforce an origin check for HTTPS connections. As per the Django CSRF
+		// implementation (https://goo.gl/vKA7GE) the Referer header is almost
+		// always present for same-domain HTTP requests.
+		if r.URL.Scheme == "https" {
+			// Fetch the Referer value. Call the error handler if it's empty or
+			// otherwise fails to parse.
+			referer, err := url.Parse(r.Referer())
+			if err != nil || referer.String() == "" {
+				envError(r, ErrNoReferer)
+				cs.opts.ErrorHandler.ServeHTTP(w, r)
+				return
+			}
+
+			if sameOrigin(r.URL, referer) == false {
+				envError(r, ErrBadReferer)
+				cs.opts.ErrorHandler.ServeHTTP(w, r)
+				return
+			}
+		}
+
+		// If the token returned from the session store is nil for non-idempotent
+		// ("unsafe") methods, call the error handler.
+		if realToken == nil {
+			envError(r, ErrNoToken)
+			cs.opts.ErrorHandler.ServeHTTP(w, r)
+			return
+		}
+
+		// Retrieve the combined token (pad + masked) token and unmask it.
+		requestToken := unmask(cs.requestToken(r))
+
+		// Compare the request token against the real token
+		if !compareTokens(requestToken, realToken) {
+			envError(r, ErrBadToken)
+			cs.opts.ErrorHandler.ServeHTTP(w, r)
+			return
+		}
+
+	}
+
+	// Set the Vary: Cookie header to protect clients from caching the response.
+	w.Header().Add("Vary", "Cookie")
+
+	// Call the wrapped handler/router on success.
+	cs.h.ServeHTTP(w, r)
+	// Clear the request context after the handler has completed.
+	context.Clear(r)
+}
+
+// unauthorizedhandler sets a HTTP 403 Forbidden status and writes the
+// CSRF failure reason to the response.
+func unauthorizedHandler(w http.ResponseWriter, r *http.Request) {
+	http.Error(w, fmt.Sprintf("%s - %s",
+		http.StatusText(http.StatusForbidden), FailureReason(r)),
+		http.StatusForbidden)
+	return
+}
diff --git a/vendor/github.com/gorilla/csrf/doc.go b/vendor/github.com/gorilla/csrf/doc.go
new file mode 100644
index 0000000..612c8d9
--- /dev/null
+++ b/vendor/github.com/gorilla/csrf/doc.go
@@ -0,0 +1,159 @@
+/*
+Package csrf (gorilla/csrf) provides Cross Site Request Forgery (CSRF)
+prevention middleware for Go web applications & services.
+
+It includes:
+
+    * The `csrf.Protect` middleware/handler provides CSRF protection on routes
+      attached to a router or a sub-router.
+    * A `csrf.Token` function that provides the token to pass into your response,
+      whether that be a HTML form or a JSON response body.
+    * ... and a `csrf.TemplateField` helper that you can pass into your `html/template`
+      templates to replace a `{{ .csrfField }}` template tag with a hidden input
+      field.
+
+gorilla/csrf is easy to use: add the middleware to individual handlers with
+the below:
+
+    CSRF := csrf.Protect([]byte("32-byte-long-auth-key"))
+    http.HandlerFunc("/route", CSRF(YourHandler))
+
+... and then collect the token with `csrf.Token(r)` before passing it to the
+template, JSON body or HTTP header (you pick!). gorilla/csrf inspects the form body
+(first) and HTTP headers (second) on subsequent POST/PUT/PATCH/DELETE/etc. requests
+for the token.
+
+Note that the authentication key passed to `csrf.Protect([]byte(key))` should be
+32-bytes long and persist across application restarts. Generating a random key
+won't allow you to authenticate existing cookies and will break your CSRF
+validation.
+
+Here's the common use-case: HTML forms you want to provide CSRF protection for,
+in order to protect malicious POST requests being made:
+
+    package main
+
+    import (
+    	"fmt"
+    	"html/template"
+    	"net/http"
+
+    	"github.com/gorilla/csrf"
+    	"github.com/gorilla/mux"
+    )
+
+    var form = `
+    <html>
+    <head>
+    <title>Sign Up!</title>
+    </head>
+    <body>
+    <form method="POST" action="/signup/post" accept-charset="UTF-8">
+    <input type="text" name="name">
+    <input type="text" name="email">
+    <!--
+        The default template tag used by the CSRF middleware .
+        This will be replaced with a hidden <input> field containing the
+        masked CSRF token.
+    -->
+    {{ .csrfField }}
+    <input type="submit" value="Sign up!">
+    </form>
+    </body>
+    </html>
+    `
+
+    var t = template.Must(template.New("signup_form.tmpl").Parse(form))
+
+    func main() {
+    	r := mux.NewRouter()
+    	r.HandleFunc("/signup", ShowSignupForm)
+    	// All POST requests without a valid token will return HTTP 403 Forbidden.
+    	r.HandleFunc("/signup/post", SubmitSignupForm)
+
+    	// Add the middleware to your router by wrapping it.
+    	http.ListenAndServe(":8000",
+    		csrf.Protect([]byte("32-byte-long-auth-key"))(r))
+    }
+
+    func ShowSignupForm(w http.ResponseWriter, r *http.Request) {
+    	// signup_form.tmpl just needs a {{ .csrfField }} template tag for
+    	// csrf.TemplateField to inject the CSRF token into. Easy!
+    	t.ExecuteTemplate(w, "signup_form.tmpl", map[string]interface{}{
+    		csrf.TemplateTag: csrf.TemplateField(r),
+    	})
+    }
+
+    func SubmitSignupForm(w http.ResponseWriter, r *http.Request) {
+    	// We can trust that requests making it this far have satisfied
+    	// our CSRF protection requirements.
+    	fmt.Fprintf(w, "%v\n", r.PostForm)
+    }
+
+Note that the CSRF middleware will (by necessity) consume the request body if the
+token is passed via POST form values. If you need to consume this in your
+handler, insert your own middleware earlier in the chain to capture the request
+body.
+
+You can also send the CSRF token in the response header. This approach is useful
+if you're using a front-end JavaScript framework like Ember or Angular, or are
+providing a JSON API:
+
+    package main
+
+    import (
+        "github.com/gorilla/csrf"
+        "github.com/gorilla/mux"
+    )
+
+    func main() {
+        r := mux.NewRouter()
+
+        api := r.PathPrefix("/api").Subrouter()
+        api.HandleFunc("/user/:id", GetUser).Methods("GET")
+
+        http.ListenAndServe(":8000",
+            csrf.Protect([]byte("32-byte-long-auth-key"))(r))
+    }
+
+    func GetUser(w http.ResponseWriter, r *http.Request) {
+        // Authenticate the request, get the id from the route params,
+        // and fetch the user from the DB, etc.
+
+        // Get the token and pass it in the CSRF header. Our JSON-speaking client
+        // or JavaScript framework can now read the header and return the token in
+        // in its own "X-CSRF-Token" request header on the subsequent POST.
+        w.Header().Set("X-CSRF-Token", csrf.Token(r))
+        b, err := json.Marshal(user)
+        if err != nil {
+            http.Error(w, err.Error(), 500)
+            return
+        }
+
+        w.Write(b)
+    }
+
+In addition: getting CSRF protection right is important, so here's some background:
+
+    * This library generates unique-per-request (masked) tokens as a mitigation
+      against the [BREACH attack](http://breachattack.com/).
+    * The 'base' (unmasked) token is stored in the session, which means that
+      multiple browser tabs won't cause a user problems as their per-request token
+      is compared with the base token.
+    * Operates on a "whitelist only" approach where safe (non-mutating) HTTP methods
+      (GET, HEAD, OPTIONS, TRACE) are the *only* methods where token validation is not
+      enforced.
+    * The design is based on the battle-tested
+      [Django](https://docs.djangoproject.com/en/1.8/ref/csrf/) and [Ruby on
+      Rails](http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html)
+      approaches.
+    * Cookies are authenticated and based on the [securecookie](https://github.com/gorilla/securecookie)
+      library. They're also Secure (issued over HTTPS only) and are HttpOnly
+      by default, because sane defaults are important.
+    * Go's `crypto/rand` library is used to generate the 32 byte (256 bit) tokens
+      and the one-time-pad used for masking them.
+
+This library does not seek to be adventurous.
+
+*/
+package csrf
diff --git a/vendor/github.com/gorilla/csrf/helpers.go b/vendor/github.com/gorilla/csrf/helpers.go
new file mode 100644
index 0000000..7adb5ff
--- /dev/null
+++ b/vendor/github.com/gorilla/csrf/helpers.go
@@ -0,0 +1,205 @@
+package csrf
+
+import (
+	"crypto/rand"
+	"crypto/subtle"
+	"encoding/base64"
+	"fmt"
+	"html/template"
+	"net/http"
+	"net/url"
+
+	"github.com/gorilla/context"
+)
+
+// Token returns a masked CSRF token ready for passing into HTML template or
+// a JSON response body. An empty token will be returned if the middleware
+// has not been applied (which will fail subsequent validation).
+func Token(r *http.Request) string {
+	if val, err := contextGet(r, tokenKey); err == nil {
+		if maskedToken, ok := val.(string); ok {
+			return maskedToken
+		}
+	}
+
+	return ""
+}
+
+// FailureReason makes CSRF validation errors available in the request context.
+// This is useful when you want to log the cause of the error or report it to
+// client.
+func FailureReason(r *http.Request) error {
+	if val, err := contextGet(r, errorKey); err == nil {
+		if err, ok := val.(error); ok {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// UnsafeSkipCheck will skip the CSRF check for any requests.  This must be
+// called before the CSRF middleware.
+//
+// Note: You should not set this without otherwise securing the request from
+// CSRF attacks. The primary use-case for this function is to turn off CSRF
+// checks for non-browser clients using authorization tokens against your API.
+func UnsafeSkipCheck(r *http.Request) *http.Request {
+	return contextSave(r, skipCheckKey, true)
+}
+
+// TemplateField is a template helper for html/template that provides an <input> field
+// populated with a CSRF token.
+//
+// Example:
+//
+//      // The following tag in our form.tmpl template:
+//      {{ .csrfField }}
+//
+//      // ... becomes:
+//      <input type="hidden" name="gorilla.csrf.Token" value="<token>">
+//
+func TemplateField(r *http.Request) template.HTML {
+	if name, err := contextGet(r, formKey); err == nil {
+		fragment := fmt.Sprintf(`<input type="hidden" name="%s" value="%s">`,
+			name, Token(r))
+
+		return template.HTML(fragment)
+	}
+
+	return template.HTML("")
+}
+
+// mask returns a unique-per-request token to mitigate the BREACH attack
+// as per http://breachattack.com/#mitigations
+//
+// The token is generated by XOR'ing a one-time-pad and the base (session) CSRF
+// token and returning them together as a 64-byte slice. This effectively
+// randomises the token on a per-request basis without breaking multiple browser
+// tabs/windows.
+func mask(realToken []byte, r *http.Request) string {
+	otp, err := generateRandomBytes(tokenLength)
+	if err != nil {
+		return ""
+	}
+
+	// XOR the OTP with the real token to generate a masked token. Append the
+	// OTP to the front of the masked token to allow unmasking in the subsequent
+	// request.
+	return base64.StdEncoding.EncodeToString(append(otp, xorToken(otp, realToken)...))
+}
+
+// unmask splits the issued token (one-time-pad + masked token) and returns the
+// unmasked request token for comparison.
+func unmask(issued []byte) []byte {
+	// Issued tokens are always masked and combined with the pad.
+	if len(issued) != tokenLength*2 {
+		return nil
+	}
+
+	// We now know the length of the byte slice.
+	otp := issued[tokenLength:]
+	masked := issued[:tokenLength]
+
+	// Unmask the token by XOR'ing it against the OTP used to mask it.
+	return xorToken(otp, masked)
+}
+
+// requestToken returns the issued token (pad + masked token) from the HTTP POST
+// body or HTTP header. It will return nil if the token fails to decode.
+func (cs *csrf) requestToken(r *http.Request) []byte {
+	// 1. Check the HTTP header first.
+	issued := r.Header.Get(cs.opts.RequestHeader)
+
+	// 2. Fall back to the POST (form) value.
+	if issued == "" {
+		issued = r.PostFormValue(cs.opts.FieldName)
+	}
+
+	// 3. Finally, fall back to the multipart form (if set).
+	if issued == "" && r.MultipartForm != nil {
+		vals := r.MultipartForm.Value[cs.opts.FieldName]
+
+		if len(vals) > 0 {
+			issued = vals[0]
+		}
+	}
+
+	// Decode the "issued" (pad + masked) token sent in the request. Return a
+	// nil byte slice on a decoding error (this will fail upstream).
+	decoded, err := base64.StdEncoding.DecodeString(issued)
+	if err != nil {
+		return nil
+	}
+
+	return decoded
+}
+
+// generateRandomBytes returns securely generated random bytes.
+// It will return an error if the system's secure random number generator
+// fails to function correctly.
+func generateRandomBytes(n int) ([]byte, error) {
+	b := make([]byte, n)
+	_, err := rand.Read(b)
+	// err == nil only if len(b) == n
+	if err != nil {
+		return nil, err
+	}
+
+	return b, nil
+
+}
+
+// sameOrigin returns true if URLs a and b share the same origin. The same
+// origin is defined as host (which includes the port) and scheme.
+func sameOrigin(a, b *url.URL) bool {
+	return (a.Scheme == b.Scheme && a.Host == b.Host)
+}
+
+// compare securely (constant-time) compares the unmasked token from the request
+// against the real token from the session.
+func compareTokens(a, b []byte) bool {
+	// This is required as subtle.ConstantTimeCompare does not check for equal
+	// lengths in Go versions prior to 1.3.
+	if len(a) != len(b) {
+		return false
+	}
+
+	return subtle.ConstantTimeCompare(a, b) == 1
+}
+
+// xorToken XORs tokens ([]byte) to provide unique-per-request CSRF tokens. It
+// will return a masked token if the base token is XOR'ed with a one-time-pad.
+// An unmasked token will be returned if a masked token is XOR'ed with the
+// one-time-pad used to mask it.
+func xorToken(a, b []byte) []byte {
+	n := len(a)
+	if len(b) < n {
+		n = len(b)
+	}
+
+	res := make([]byte, n)
+
+	for i := 0; i < n; i++ {
+		res[i] = a[i] ^ b[i]
+	}
+
+	return res
+}
+
+// contains is a helper function to check if a string exists in a slice - e.g.
+// whether a HTTP method exists in a list of safe methods.
+func contains(vals []string, s string) bool {
+	for _, v := range vals {
+		if v == s {
+			return true
+		}
+	}
+
+	return false
+}
+
+// envError stores a CSRF error in the request context.
+func envError(r *http.Request, err error) {
+	context.Set(r, errorKey, err)
+}
diff --git a/vendor/github.com/gorilla/csrf/options.go b/vendor/github.com/gorilla/csrf/options.go
new file mode 100644
index 0000000..c644d49
--- /dev/null
+++ b/vendor/github.com/gorilla/csrf/options.go
@@ -0,0 +1,130 @@
+package csrf
+
+import "net/http"
+
+// Option describes a functional option for configuring the CSRF handler.
+type Option func(*csrf)
+
+// MaxAge sets the maximum age (in seconds) of a CSRF token's underlying cookie.
+// Defaults to 12 hours.
+func MaxAge(age int) Option {
+	return func(cs *csrf) {
+		cs.opts.MaxAge = age
+	}
+}
+
+// Domain sets the cookie domain. Defaults to the current domain of the request
+// only (recommended).
+//
+// This should be a hostname and not a URL. If set, the domain is treated as
+// being prefixed with a '.' - e.g. "example.com" becomes ".example.com" and
+// matches "www.example.com" and "secure.example.com".
+func Domain(domain string) Option {
+	return func(cs *csrf) {
+		cs.opts.Domain = domain
+	}
+}
+
+// Path sets the cookie path. Defaults to the path the cookie was issued from
+// (recommended).
+//
+// This instructs clients to only respond with cookie for that path and its
+// subpaths - i.e. a cookie issued from "/register" would be included in requests
+// to "/register/step2" and "/register/submit".
+func Path(p string) Option {
+	return func(cs *csrf) {
+		cs.opts.Path = p
+	}
+}
+
+// Secure sets the 'Secure' flag on the cookie. Defaults to true (recommended).
+// Set this to 'false' in your development environment otherwise the cookie won't
+// be sent over an insecure channel. Setting this via the presence of a 'DEV'
+// environmental variable is a good way of making sure this won't make it to a
+// production environment.
+func Secure(s bool) Option {
+	return func(cs *csrf) {
+		cs.opts.Secure = s
+	}
+}
+
+// HttpOnly sets the 'HttpOnly' flag on the cookie. Defaults to true (recommended).
+func HttpOnly(h bool) Option {
+	return func(cs *csrf) {
+		// Note that the function and field names match the case of the
+		// related http.Cookie field instead of the "correct" HTTPOnly name
+		// that golint suggests.
+		cs.opts.HttpOnly = h
+	}
+}
+
+// ErrorHandler allows you to change the handler called when CSRF request
+// processing encounters an invalid token or request. A typical use would be to
+// provide a handler that returns a static HTML file with a HTTP 403 status. By
+// default a HTTP 403 status and a plain text CSRF failure reason are served.
+//
+// Note that a custom error handler can also access the csrf.Failure(r)
+// function to retrieve the CSRF validation reason from the request context.
+func ErrorHandler(h http.Handler) Option {
+	return func(cs *csrf) {
+		cs.opts.ErrorHandler = h
+	}
+}
+
+// RequestHeader allows you to change the request header the CSRF middleware
+// inspects. The default is X-CSRF-Token.
+func RequestHeader(header string) Option {
+	return func(cs *csrf) {
+		cs.opts.RequestHeader = header
+	}
+}
+
+// FieldName allows you to change the name attribute of the hidden <input> field
+// inspected by this package. The default is 'gorilla.csrf.Token'.
+func FieldName(name string) Option {
+	return func(cs *csrf) {
+		cs.opts.FieldName = name
+	}
+}
+
+// CookieName changes the name of the CSRF cookie issued to clients.
+//
+// Note that cookie names should not contain whitespace, commas, semicolons,
+// backslashes or control characters as per RFC6265.
+func CookieName(name string) Option {
+	return func(cs *csrf) {
+		cs.opts.CookieName = name
+	}
+}
+
+// setStore sets the store used by the CSRF middleware.
+// Note: this is private (for now) to allow for internal API changes.
+func setStore(s store) Option {
+	return func(cs *csrf) {
+		cs.st = s
+	}
+}
+
+// parseOptions parses the supplied options functions and returns a configured
+// csrf handler.
+func parseOptions(h http.Handler, opts ...Option) *csrf {
+	// Set the handler to call after processing.
+	cs := &csrf{
+		h: h,
+	}
+
+	// Default to true. See Secure & HttpOnly function comments for rationale.
+	// Set here to allow package users to override the default.
+	cs.opts.Secure = true
+	cs.opts.HttpOnly = true
+
+	// Range over each options function and apply it
+	// to our csrf type to configure it. Options functions are
+	// applied in order, with any conflicting options overriding
+	// earlier calls.
+	for _, option := range opts {
+		option(cs)
+	}
+
+	return cs
+}
diff --git a/vendor/github.com/gorilla/csrf/store.go b/vendor/github.com/gorilla/csrf/store.go
new file mode 100644
index 0000000..39f47ad
--- /dev/null
+++ b/vendor/github.com/gorilla/csrf/store.go
@@ -0,0 +1,82 @@
+package csrf
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/gorilla/securecookie"
+)
+
+// store represents the session storage used for CSRF tokens.
+type store interface {
+	// Get returns the real CSRF token from the store.
+	Get(*http.Request) ([]byte, error)
+	// Save stores the real CSRF token in the store and writes a
+	// cookie to the http.ResponseWriter.
+	// For non-cookie stores, the cookie should contain a unique (256 bit) ID
+	// or key that references the token in the backend store.
+	// csrf.GenerateRandomBytes is a helper function for generating secure IDs.
+	Save(token []byte, w http.ResponseWriter) error
+}
+
+// cookieStore is a signed cookie session store for CSRF tokens.
+type cookieStore struct {
+	name     string
+	maxAge   int
+	secure   bool
+	httpOnly bool
+	path     string
+	domain   string
+	sc       *securecookie.SecureCookie
+}
+
+// Get retrieves a CSRF token from the session cookie. It returns an empty token
+// if decoding fails (e.g. HMAC validation fails or the named cookie doesn't exist).
+func (cs *cookieStore) Get(r *http.Request) ([]byte, error) {
+	// Retrieve the cookie from the request
+	cookie, err := r.Cookie(cs.name)
+	if err != nil {
+		return nil, err
+	}
+
+	token := make([]byte, tokenLength)
+	// Decode the HMAC authenticated cookie.
+	err = cs.sc.Decode(cs.name, cookie.Value, &token)
+	if err != nil {
+		return nil, err
+	}
+
+	return token, nil
+}
+
+// Save stores the CSRF token in the session cookie.
+func (cs *cookieStore) Save(token []byte, w http.ResponseWriter) error {
+	// Generate an encoded cookie value with the CSRF token.
+	encoded, err := cs.sc.Encode(cs.name, token)
+	if err != nil {
+		return err
+	}
+
+	cookie := &http.Cookie{
+		Name:     cs.name,
+		Value:    encoded,
+		MaxAge:   cs.maxAge,
+		HttpOnly: cs.httpOnly,
+		Secure:   cs.secure,
+		Path:     cs.path,
+		Domain:   cs.domain,
+	}
+
+	// Set the Expires field on the cookie based on the MaxAge
+	// If MaxAge <= 0, we don't set the Expires attribute, making the cookie
+	// session-only.
+	if cs.maxAge > 0 {
+		cookie.Expires = time.Now().Add(
+			time.Duration(cs.maxAge) * time.Second)
+	}
+
+	// Write the authenticated cookie to the response.
+	http.SetCookie(w, cookie)
+
+	return nil
+}
diff --git a/vendor/github.com/pkg/errors/LICENSE b/vendor/github.com/pkg/errors/LICENSE
new file mode 100644
index 0000000..835ba3e
--- /dev/null
+++ b/vendor/github.com/pkg/errors/LICENSE
@@ -0,0 +1,23 @@
+Copyright (c) 2015, Dave Cheney <dave@cheney.net>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/pkg/errors/README.md b/vendor/github.com/pkg/errors/README.md
new file mode 100644
index 0000000..6ea6422
--- /dev/null
+++ b/vendor/github.com/pkg/errors/README.md
@@ -0,0 +1,50 @@
+# errors [![Travis-CI](https://travis-ci.org/pkg/errors.svg)](https://travis-ci.org/pkg/errors) [![AppVeyor](https://ci.appveyor.com/api/projects/status/b98mptawhudj53ep/branch/master?svg=true)](https://ci.appveyor.com/project/davecheney/errors/branch/master) [![GoDoc](https://godoc.org/github.com/pkg/errors?status.svg)](http://godoc.org/github.com/pkg/errors) [![Report card](https://goreportcard.com/badge/github.com/pkg/errors)](https://goreportcard.com/report/github.com/pkg/errors)
+
+Package errors provides simple error handling primitives.
+
+The traditional error handling idiom in Go is roughly akin to
+```go
+if err != nil {
+        return err
+}
+```
+which applied recursively up the call stack results in error reports without context or debugging information. The errors package allows programmers to add context to the failure path in their code in a way that does not destroy the original value of the error.
+
+## Adding context to an error
+
+The errors.Wrap function returns a new error that adds context to the original error. For example
+```go
+_, err := ioutil.ReadAll(r)
+if err != nil {
+        return errors.Wrap(err, "read failed")
+}
+```
+## Retrieving the cause of an error
+
+Using `errors.Wrap` constructs a stack of errors, adding context to the preceding error. Depending on the nature of the error it may be necessary to reverse the operation of errors.Wrap to retrieve the original error for inspection. Any error value which implements this interface can be inspected by `errors.Cause`.
+```go
+type causer interface {
+        Cause() error
+}
+```
+`errors.Cause` will recursively retrieve the topmost error which does not implement `causer`, which is assumed to be the original cause. For example:
+```go
+switch err := errors.Cause(err).(type) {
+case *MyError:
+        // handle specifically
+default:
+        // unknown error
+}
+```
+
+[Read the package documentation for more information](https://godoc.org/github.com/pkg/errors).
+
+## Contributing
+
+We welcome pull requests, bug fixes and issue reports. With that said, the bar for adding new symbols to this package is intentionally set high.
+
+Before proposing a change, please discuss your change by raising an issue.
+
+## Licence
+
+BSD-2-Clause
diff --git a/vendor/github.com/pkg/errors/appveyor.yml b/vendor/github.com/pkg/errors/appveyor.yml
new file mode 100644
index 0000000..a932ead
--- /dev/null
+++ b/vendor/github.com/pkg/errors/appveyor.yml
@@ -0,0 +1,32 @@
+version: build-{build}.{branch}
+
+clone_folder: C:\gopath\src\github.com\pkg\errors
+shallow_clone: true # for startup speed
+
+environment:
+  GOPATH: C:\gopath
+
+platform:
+  - x64
+
+# http://www.appveyor.com/docs/installed-software
+install:
+  # some helpful output for debugging builds
+  - go version
+  - go env
+  # pre-installed MinGW at C:\MinGW is 32bit only
+  # but MSYS2 at C:\msys64 has mingw64
+  - set PATH=C:\msys64\mingw64\bin;%PATH%
+  - gcc --version
+  - g++ --version
+
+build_script:
+  - go install -v ./...
+
+test_script:
+  - set PATH=C:\gopath\bin;%PATH%
+  - go test -v ./...
+
+#artifacts:
+#  - path: '%GOPATH%\bin\*.exe'
+deploy: off
diff --git a/vendor/github.com/pkg/errors/errors.go b/vendor/github.com/pkg/errors/errors.go
new file mode 100644
index 0000000..6c45c8d
--- /dev/null
+++ b/vendor/github.com/pkg/errors/errors.go
@@ -0,0 +1,214 @@
+// Package errors provides simple error handling primitives.
+//
+// The traditional error handling idiom in Go is roughly akin to
+//
+//     if err != nil {
+//             return err
+//     }
+//
+// which applied recursively up the call stack results in error reports
+// without context or debugging information. The errors package allows
+// programmers to add context to the failure path in their code in a way
+// that does not destroy the original value of the error.
+//
+// Adding context to an error
+//
+// The errors.Wrap function returns a new error that adds context to the
+// original error. For example
+//
+//     _, err := ioutil.ReadAll(r)
+//     if err != nil {
+//             return errors.Wrap(err, "read failed")
+//     }
+//
+// Retrieving the cause of an error
+//
+// Using errors.Wrap constructs a stack of errors, adding context to the
+// preceding error. Depending on the nature of the error it may be necessary
+// to reverse the operation of errors.Wrap to retrieve the original error
+// for inspection. Any error value which implements this interface
+//
+//     type Causer interface {
+//             Cause() error
+//     }
+//
+// can be inspected by errors.Cause. errors.Cause will recursively retrieve
+// the topmost error which does not implement causer, which is assumed to be
+// the original cause. For example:
+//
+//     switch err := errors.Cause(err).(type) {
+//     case *MyError:
+//             // handle specifically
+//     default:
+//             // unknown error
+//     }
+//
+// Formatted printing of errors
+//
+// All error values returned from this package implement fmt.Formatter and can
+// be formatted by the fmt package. The following verbs are supported
+//
+//     %s    print the error. If the error has a Cause it will be
+//           printed recursively
+//     %v    see %s
+//     %+v   extended format. Each Frame of the error's StackTrace will
+//           be printed in detail.
+//
+// Retrieving the stack trace of an error or wrapper
+//
+// New, Errorf, Wrap, and Wrapf record a stack trace at the point they are
+// invoked. This information can be retrieved with the following interface.
+//
+//     type stackTracer interface {
+//             StackTrace() errors.StackTrace
+//     }
+//
+// Where errors.StackTrace is defined as
+//
+//     type StackTrace []Frame
+//
+// The Frame type represents a call site in the stack trace. Frame supports
+// the fmt.Formatter interface that can be used for printing information about
+// the stack trace of this error. For example:
+//
+//     if err, ok := err.(stackTracer); ok {
+//             for _, f := range err.StackTrace() {
+//                     fmt.Printf("%+s:%d", f)
+//             }
+//     }
+//
+// See the documentation for Frame.Format for more details.
+package errors
+
+import (
+	"fmt"
+	"io"
+)
+
+// _error is an error implementation returned by New and Errorf
+// that implements its own fmt.Formatter.
+type _error struct {
+	msg string
+	*stack
+}
+
+func (e _error) Error() string { return e.msg }
+
+func (e _error) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		if s.Flag('+') {
+			io.WriteString(s, e.msg)
+			fmt.Fprintf(s, "%+v", e.StackTrace())
+			return
+		}
+		fallthrough
+	case 's':
+		io.WriteString(s, e.msg)
+	}
+}
+
+// New returns an error with the supplied message.
+func New(message string) error {
+	return _error{
+		message,
+		callers(),
+	}
+}
+
+// Errorf formats according to a format specifier and returns the string
+// as a value that satisfies error.
+func Errorf(format string, args ...interface{}) error {
+	return _error{
+		fmt.Sprintf(format, args...),
+		callers(),
+	}
+}
+
+type cause struct {
+	cause error
+	msg   string
+}
+
+func (c cause) Error() string { return fmt.Sprintf("%s: %v", c.msg, c.Cause()) }
+func (c cause) Cause() error  { return c.cause }
+
+// wrapper is an error implementation returned by Wrap and Wrapf
+// that implements its own fmt.Formatter.
+type wrapper struct {
+	cause
+	*stack
+}
+
+func (w wrapper) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		if s.Flag('+') {
+			fmt.Fprintf(s, "%+v\n", w.Cause())
+			io.WriteString(s, w.msg)
+			fmt.Fprintf(s, "%+v", w.StackTrace())
+			return
+		}
+		fallthrough
+	case 's':
+		io.WriteString(s, w.Error())
+	case 'q':
+		fmt.Fprintf(s, "%q", w.Error())
+	}
+}
+
+// Wrap returns an error annotating err with message.
+// If err is nil, Wrap returns nil.
+func Wrap(err error, message string) error {
+	if err == nil {
+		return nil
+	}
+	return wrapper{
+		cause: cause{
+			cause: err,
+			msg:   message,
+		},
+		stack: callers(),
+	}
+}
+
+// Wrapf returns an error annotating err with the format specifier.
+// If err is nil, Wrapf returns nil.
+func Wrapf(err error, format string, args ...interface{}) error {
+	if err == nil {
+		return nil
+	}
+	return wrapper{
+		cause: cause{
+			cause: err,
+			msg:   fmt.Sprintf(format, args...),
+		},
+		stack: callers(),
+	}
+}
+
+// Cause returns the underlying cause of the error, if possible.
+// An error value has a cause if it implements the following
+// interface:
+//
+//     type Causer interface {
+//            Cause() error
+//     }
+//
+// If the error does not implement Cause, the original error will
+// be returned. If the error is nil, nil will be returned without further
+// investigation.
+func Cause(err error) error {
+	type causer interface {
+		Cause() error
+	}
+
+	for err != nil {
+		cause, ok := err.(causer)
+		if !ok {
+			break
+		}
+		err = cause.Cause()
+	}
+	return err
+}
diff --git a/vendor/github.com/pkg/errors/stack.go b/vendor/github.com/pkg/errors/stack.go
new file mode 100644
index 0000000..243a64a
--- /dev/null
+++ b/vendor/github.com/pkg/errors/stack.go
@@ -0,0 +1,165 @@
+package errors
+
+import (
+	"fmt"
+	"io"
+	"path"
+	"runtime"
+	"strings"
+)
+
+// Frame represents a program counter inside a stack frame.
+type Frame uintptr
+
+// pc returns the program counter for this frame;
+// multiple frames may have the same PC value.
+func (f Frame) pc() uintptr { return uintptr(f) - 1 }
+
+// file returns the full path to the file that contains the
+// function for this Frame's pc.
+func (f Frame) file() string {
+	fn := runtime.FuncForPC(f.pc())
+	if fn == nil {
+		return "unknown"
+	}
+	file, _ := fn.FileLine(f.pc())
+	return file
+}
+
+// line returns the line number of source code of the
+// function for this Frame's pc.
+func (f Frame) line() int {
+	fn := runtime.FuncForPC(f.pc())
+	if fn == nil {
+		return 0
+	}
+	_, line := fn.FileLine(f.pc())
+	return line
+}
+
+// Format formats the frame according to the fmt.Formatter interface.
+//
+//    %s    source file
+//    %d    source line
+//    %n    function name
+//    %v    equivalent to %s:%d
+//
+// Format accepts flags that alter the printing of some verbs, as follows:
+//
+//    %+s   path of source file relative to the compile time GOPATH
+//    %+v   equivalent to %+s:%d
+func (f Frame) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 's':
+		switch {
+		case s.Flag('+'):
+			pc := f.pc()
+			fn := runtime.FuncForPC(pc)
+			if fn == nil {
+				io.WriteString(s, "unknown")
+			} else {
+				file, _ := fn.FileLine(pc)
+				fmt.Fprintf(s, "%s\n\t%s", fn.Name(), file)
+			}
+		default:
+			io.WriteString(s, path.Base(f.file()))
+		}
+	case 'd':
+		fmt.Fprintf(s, "%d", f.line())
+	case 'n':
+		name := runtime.FuncForPC(f.pc()).Name()
+		io.WriteString(s, funcname(name))
+	case 'v':
+		f.Format(s, 's')
+		io.WriteString(s, ":")
+		f.Format(s, 'd')
+	}
+}
+
+// StackTrace is stack of Frames from innermost (newest) to outermost (oldest).
+type StackTrace []Frame
+
+func (st StackTrace) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		switch {
+		case s.Flag('+'):
+			for _, f := range st {
+				fmt.Fprintf(s, "\n%+v", f)
+			}
+		case s.Flag('#'):
+			fmt.Fprintf(s, "%#v", []Frame(st))
+		default:
+			fmt.Fprintf(s, "%v", []Frame(st))
+		}
+	case 's':
+		fmt.Fprintf(s, "%s", []Frame(st))
+	}
+}
+
+// stack represents a stack of program counters.
+type stack []uintptr
+
+func (s *stack) StackTrace() StackTrace {
+	f := make([]Frame, len(*s))
+	for i := 0; i < len(f); i++ {
+		f[i] = Frame((*s)[i])
+	}
+	return f
+}
+
+func callers() *stack {
+	const depth = 32
+	var pcs [depth]uintptr
+	n := runtime.Callers(3, pcs[:])
+	var st stack = pcs[0:n]
+	return &st
+}
+
+// funcname removes the path prefix component of a function's name reported by func.Name().
+func funcname(name string) string {
+	i := strings.LastIndex(name, "/")
+	name = name[i+1:]
+	i = strings.Index(name, ".")
+	return name[i+1:]
+}
+
+func trimGOPATH(name, file string) string {
+	// Here we want to get the source file path relative to the compile time
+	// GOPATH. As of Go 1.6.x there is no direct way to know the compiled
+	// GOPATH at runtime, but we can infer the number of path segments in the
+	// GOPATH. We note that fn.Name() returns the function name qualified by
+	// the import path, which does not include the GOPATH. Thus we can trim
+	// segments from the beginning of the file path until the number of path
+	// separators remaining is one more than the number of path separators in
+	// the function name. For example, given:
+	//
+	//    GOPATH     /home/user
+	//    file       /home/user/src/pkg/sub/file.go
+	//    fn.Name()  pkg/sub.Type.Method
+	//
+	// We want to produce:
+	//
+	//    pkg/sub/file.go
+	//
+	// From this we can easily see that fn.Name() has one less path separator
+	// than our desired output. We count separators from the end of the file
+	// path until it finds two more than in the function name and then move
+	// one character forward to preserve the initial path segment without a
+	// leading separator.
+	const sep = "/"
+	goal := strings.Count(name, sep) + 2
+	i := len(file)
+	for n := 0; n < goal; n++ {
+		i = strings.LastIndex(file[:i], sep)
+		if i == -1 {
+			// not enough separators found, set i so that the slice expression
+			// below leaves file unmodified
+			i = -len(sep)
+			break
+		}
+	}
+	// get back to 0 or trim the leading separator
+	file = file[i+len(sep):]
+	return file
+}
diff --git a/vendor/vendor.json b/vendor/vendor.json
index cb9fb7a..4e31773 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -213,6 +213,12 @@
 			"revisionTime": "2016-05-25T20:33:19Z"
 		},
 		{
+			"checksumSHA1": "ahJb/rIOtBflDbJmW/SWcb8Cu74=",
+			"path": "github.com/gorilla/csrf",
+			"revision": "4642ecf016ef548770875073f867ea02b4385f69",
+			"revisionTime": "2016-06-12T20:50:39Z"
+		},
+		{
 			"checksumSHA1": "flNRZk3oyHmsux8UsGbj7ziYtUo=",
 			"path": "github.com/gorilla/handlers",
 			"revision": "66e6c6f01d8da976ee113437745ca029c2b585a6",
@@ -328,6 +334,12 @@
 			"revisionTime": "2016-01-18T05:35:52Z"
 		},
 		{
+			"checksumSHA1": "GcaTbmmzSGqTb2X6qnNtmDyew1Q=",
+			"path": "github.com/pkg/errors",
+			"revision": "a2d6902c6d2a2f194eb3fb474981ab7867c81505",
+			"revisionTime": "2016-06-27T22:23:52Z"
+		},
+		{
 			"checksumSHA1": "zKKp5SZ3d3ycKe4EKMNT0BqAWBw=",
 			"origin": "github.com/stretchr/testify/vendor/github.com/pmezard/go-difflib/difflib",
 			"path": "github.com/pmezard/go-difflib/difflib",