From 8c12c6939aab9106db14ec2d11d983bc5b29fb2c Mon Sep 17 00:00:00 2001
From: Niall Sheridan <nsheridan@gmail.com>
Date: Sun, 7 Jul 2019 21:33:44 +0100
Subject: Switch to modules

---
 vendor/github.com/gorilla/csrf/AUTHORS           |  20 --
 vendor/github.com/gorilla/csrf/Gopkg.lock        |  27 ---
 vendor/github.com/gorilla/csrf/Gopkg.toml        |  34 ---
 vendor/github.com/gorilla/csrf/LICENSE           |  26 ---
 vendor/github.com/gorilla/csrf/README.md         | 237 -------------------
 vendor/github.com/gorilla/csrf/context.go        |  29 ---
 vendor/github.com/gorilla/csrf/context_legacy.go |  28 ---
 vendor/github.com/gorilla/csrf/csrf.go           | 279 -----------------------
 vendor/github.com/gorilla/csrf/doc.go            | 176 --------------
 vendor/github.com/gorilla/csrf/go.mod            |   7 -
 vendor/github.com/gorilla/csrf/helpers.go        | 203 -----------------
 vendor/github.com/gorilla/csrf/options.go        | 130 -----------
 vendor/github.com/gorilla/csrf/store.go          |  82 -------
 13 files changed, 1278 deletions(-)
 delete mode 100644 vendor/github.com/gorilla/csrf/AUTHORS
 delete mode 100644 vendor/github.com/gorilla/csrf/Gopkg.lock
 delete mode 100644 vendor/github.com/gorilla/csrf/Gopkg.toml
 delete mode 100644 vendor/github.com/gorilla/csrf/LICENSE
 delete mode 100644 vendor/github.com/gorilla/csrf/README.md
 delete mode 100644 vendor/github.com/gorilla/csrf/context.go
 delete mode 100644 vendor/github.com/gorilla/csrf/context_legacy.go
 delete mode 100644 vendor/github.com/gorilla/csrf/csrf.go
 delete mode 100644 vendor/github.com/gorilla/csrf/doc.go
 delete mode 100644 vendor/github.com/gorilla/csrf/go.mod
 delete mode 100644 vendor/github.com/gorilla/csrf/helpers.go
 delete mode 100644 vendor/github.com/gorilla/csrf/options.go
 delete mode 100644 vendor/github.com/gorilla/csrf/store.go

(limited to 'vendor/github.com/gorilla/csrf')

diff --git a/vendor/github.com/gorilla/csrf/AUTHORS b/vendor/github.com/gorilla/csrf/AUTHORS
deleted file mode 100644
index 4e84c37..0000000
--- a/vendor/github.com/gorilla/csrf/AUTHORS
+++ /dev/null
@@ -1,20 +0,0 @@
-# This is the official list of gorilla/csrf authors for copyright purposes.
-# Please keep the list sorted.
-
-adiabatic <adiabatic@users.noreply.github.com>
-Google LLC (https://opensource.google.com)
-jamesgroat <james@groat.com>
-Joshua Carp <jm.carp@gmail.com>
-Kamil Kisiel <kamil@kamilkisiel.net>
-Kevin Burke <kev@inburke.com>
-Kévin Dunglas <dunglas@gmail.com>
-Kristoffer Berdal <web@flexd.net>
-Martin Angers <martin.n.angers@gmail.com>
-Matt Silverlock <matt@eatsleeprepeat.net>
-Philip I. Thomas <mail@philipithomas.com>
-Richard Musiol <mail@richard-musiol.de>
-Seth Hoenig <seth.a.hoenig@gmail.com>
-Stefano Vettorazzi <stefanovc@gmail.com>
-Wayne Ashley Berry <wayneashleyberry@gmail.com>
-田浩浩 <llitfkitfk@gmail.com>
-陈东海 <cdh_cjx@163.com>
diff --git a/vendor/github.com/gorilla/csrf/Gopkg.lock b/vendor/github.com/gorilla/csrf/Gopkg.lock
deleted file mode 100644
index 5db9540..0000000
--- a/vendor/github.com/gorilla/csrf/Gopkg.lock
+++ /dev/null
@@ -1,27 +0,0 @@
-# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
-
-
-[[projects]]
-  name = "github.com/gorilla/context"
-  packages = ["."]
-  revision = "1ea25387ff6f684839d82767c1733ff4d4d15d0a"
-  version = "v1.1"
-
-[[projects]]
-  name = "github.com/gorilla/securecookie"
-  packages = ["."]
-  revision = "667fe4e3466a040b780561fe9b51a83a3753eefc"
-  version = "v1.1"
-
-[[projects]]
-  name = "github.com/pkg/errors"
-  packages = ["."]
-  revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
-  version = "v0.8.0"
-
-[solve-meta]
-  analyzer-name = "dep"
-  analyzer-version = 1
-  inputs-digest = "1695686bc8fa0eb76df9fe8c5ca473686071ddcf795a0595a9465a03e8ac9bef"
-  solver-name = "gps-cdcl"
-  solver-version = 1
diff --git a/vendor/github.com/gorilla/csrf/Gopkg.toml b/vendor/github.com/gorilla/csrf/Gopkg.toml
deleted file mode 100644
index 02837b1..0000000
--- a/vendor/github.com/gorilla/csrf/Gopkg.toml
+++ /dev/null
@@ -1,34 +0,0 @@
-
-# Gopkg.toml example
-#
-# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
-# for detailed Gopkg.toml documentation.
-#
-# required = ["github.com/user/thing/cmd/thing"]
-# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
-#
-# [[constraint]]
-#   name = "github.com/user/project"
-#   version = "1.0.0"
-#
-# [[constraint]]
-#   name = "github.com/user/project2"
-#   branch = "dev"
-#   source = "github.com/myfork/project2"
-#
-# [[override]]
-#  name = "github.com/x/y"
-#  version = "2.4.0"
-
-
-[[constraint]]
-  name = "github.com/gorilla/context"
-  version = "1.1.0"
-
-[[constraint]]
-  name = "github.com/gorilla/securecookie"
-  version = "1.1.0"
-
-[[constraint]]
-  name = "github.com/pkg/errors"
-  version = "0.8.0"
diff --git a/vendor/github.com/gorilla/csrf/LICENSE b/vendor/github.com/gorilla/csrf/LICENSE
deleted file mode 100644
index c1eb344..0000000
--- a/vendor/github.com/gorilla/csrf/LICENSE
+++ /dev/null
@@ -1,26 +0,0 @@
-Copyright (c) 2015-2018, The Gorilla Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/gorilla/csrf/README.md b/vendor/github.com/gorilla/csrf/README.md
deleted file mode 100644
index 6bcca60..0000000
--- a/vendor/github.com/gorilla/csrf/README.md
+++ /dev/null
@@ -1,237 +0,0 @@
-# gorilla/csrf
-
-[![GoDoc](https://godoc.org/github.com/gorilla/csrf?status.svg)](https://godoc.org/github.com/gorilla/csrf) [![Build Status](https://travis-ci.org/gorilla/csrf.svg?branch=master)](https://travis-ci.org/gorilla/csrf) [![Sourcegraph](https://sourcegraph.com/github.com/gorilla/csrf/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/csrf?badge)
-
-gorilla/csrf is a HTTP middleware library that provides [cross-site request
-forgery](http://blog.codinghorror.com/preventing-csrf-and-xsrf-attacks/) (CSRF)
-protection. It includes:
-
-- The `csrf.Protect` middleware/handler provides CSRF protection on routes
-  attached to a router or a sub-router.
-- A `csrf.Token` function that provides the token to pass into your response,
-  whether that be a HTML form or a JSON response body.
-- ... and a `csrf.TemplateField` helper that you can pass into your `html/template`
-  templates to replace a `{{ .csrfField }}` template tag with a hidden input
-  field.
-
-gorilla/csrf is designed to work with any Go web framework, including:
-
-- The [Gorilla](http://www.gorillatoolkit.org/) toolkit
-- Go's built-in [net/http](http://golang.org/pkg/net/http/) package
-- [Goji](https://goji.io) - see the [tailored fork](https://github.com/goji/csrf)
-- [Gin](https://github.com/gin-gonic/gin)
-- [Echo](https://github.com/labstack/echo)
-- ... and any other router/framework that rallies around Go's `http.Handler` interface.
-
-gorilla/csrf is also compatible with middleware 'helper' libraries like
-[Alice](https://github.com/justinas/alice) and [Negroni](https://github.com/codegangsta/negroni).
-
-## Install
-
-With a properly configured Go toolchain:
-
-```sh
-go get github.com/gorilla/csrf
-```
-
-## Examples
-
-- [HTML Forms](#html-forms)
-- [JavaScript Apps](#javascript-applications)
-- [Google App Engine](#google-app-engine)
-- [Setting Options](#setting-options)
-
-gorilla/csrf is easy to use: add the middleware to your router with
-the below:
-
-```go
-CSRF := csrf.Protect([]byte("32-byte-long-auth-key"))
-http.ListenAndServe(":8000", CSRF(r))
-```
-
-...and then collect the token with `csrf.Token(r)` in your handlers before
-passing it to the template, JSON body or HTTP header (see below).
-
-Note that the authentication key passed to `csrf.Protect([]byte(key))` should be
-32-bytes long and persist across application restarts. Generating a random key
-won't allow you to authenticate existing cookies and will break your CSRF
-validation.
-
-gorilla/csrf inspects the HTTP headers (first) and form body (second) on
-subsequent POST/PUT/PATCH/DELETE/etc. requests for the token.
-
-### HTML Forms
-
-Here's the common use-case: HTML forms you want to provide CSRF protection for,
-in order to protect malicious POST requests being made:
-
-```go
-package main
-
-import (
-    "net/http"
-
-    "github.com/gorilla/csrf"
-    "github.com/gorilla/mux"
-)
-
-func main() {
-    r := mux.NewRouter()
-    r.HandleFunc("/signup", ShowSignupForm)
-    // All POST requests without a valid token will return HTTP 403 Forbidden.
-    // We should also ensure that our mutating (non-idempotent) handler only
-    // matches on POST requests. We can check that here, at the router level, or
-    // within the handler itself via r.Method.
-    r.HandleFunc("/signup/post", SubmitSignupForm).Methods("POST")
-
-    // Add the middleware to your router by wrapping it.
-    http.ListenAndServe(":8000",
-        csrf.Protect([]byte("32-byte-long-auth-key"))(r))
-    // PS: Don't forget to pass csrf.Secure(false) if you're developing locally
-    // over plain HTTP (just don't leave it on in production).
-}
-
-func ShowSignupForm(w http.ResponseWriter, r *http.Request) {
-    // signup_form.tmpl just needs a {{ .csrfField }} template tag for
-    // csrf.TemplateField to inject the CSRF token into. Easy!
-    t.ExecuteTemplate(w, "signup_form.tmpl", map[string]interface{}{
-        csrf.TemplateTag: csrf.TemplateField(r),
-    })
-    // We could also retrieve the token directly from csrf.Token(r) and
-    // set it in the request header - w.Header.Set("X-CSRF-Token", token)
-    // This is useful if you're sending JSON to clients or a front-end JavaScript
-    // framework.
-}
-
-func SubmitSignupForm(w http.ResponseWriter, r *http.Request) {
-    // We can trust that requests making it this far have satisfied
-    // our CSRF protection requirements.
-}
-```
-
-Note that the CSRF middleware will (by necessity) consume the request body if the
-token is passed via POST form values. If you need to consume this in your
-handler, insert your own middleware earlier in the chain to capture the request
-body.
-
-### JavaScript Applications
-
-This approach is useful if you're using a front-end JavaScript framework like
-React, Ember or Angular, or are providing a JSON API.
-
-We'll also look at applying selective CSRF protection using
-[gorilla/mux's](http://www.gorillatoolkit.org/pkg/mux) sub-routers,
-as we don't handle any POST/PUT/DELETE requests with our top-level router.
-
-```go
-package main
-
-import (
-    "github.com/gorilla/csrf"
-    "github.com/gorilla/mux"
-)
-
-func main() {
-    r := mux.NewRouter()
-
-    api := r.PathPrefix("/api").Subrouter()
-    api.HandleFunc("/user/{id}", GetUser).Methods("GET")
-
-    http.ListenAndServe(":8000",
-        csrf.Protect([]byte("32-byte-long-auth-key"))(r))
-}
-
-func GetUser(w http.ResponseWriter, r *http.Request) {
-    // Authenticate the request, get the id from the route params,
-    // and fetch the user from the DB, etc.
-
-    // Get the token and pass it in the CSRF header. Our JSON-speaking client
-    // or JavaScript framework can now read the header and return the token in
-    // in its own "X-CSRF-Token" request header on the subsequent POST.
-    w.Header().Set("X-CSRF-Token", csrf.Token(r))
-    b, err := json.Marshal(user)
-    if err != nil {
-        http.Error(w, err.Error(), 500)
-        return
-    }
-
-    w.Write(b)
-}
-```
-
-### Google App Engine
-
-If you're using [Google App
-Engine](https://cloud.google.com/appengine/docs/go/how-requests-are-handled#Go_Requests_and_HTTP),
-which doesn't allow you to hook into the default `http.ServeMux` directly,
-you can still use gorilla/csrf (and gorilla/mux):
-
-```go
-package app
-
-// Remember: appengine has its own package main
-func init() {
-    r := mux.NewRouter()
-    r.HandleFunc("/", IndexHandler)
-    // ...
-
-    // We pass our CSRF-protected router to the DefaultServeMux
-    http.Handle("/", csrf.Protect([]byte(your-key))(r))
-}
-```
-
-### Setting Options
-
-What about providing your own error handler and changing the HTTP header the
-package inspects on requests? (i.e. an existing API you're porting to Go). Well,
-gorilla/csrf provides options for changing these as you see fit:
-
-```go
-func main() {
-    CSRF := csrf.Protect(
-            []byte("a-32-byte-long-key-goes-here"),
-            csrf.RequestHeader("Authenticity-Token"),
-            csrf.FieldName("authenticity_token"),
-            csrf.ErrorHandler(http.HandlerFunc(serverError(403))),
-    )
-
-    r := mux.NewRouter()
-    r.HandleFunc("/signup", GetSignupForm)
-    r.HandleFunc("/signup/post", PostSignupForm)
-
-    http.ListenAndServe(":8000", CSRF(r))
-}
-```
-
-Not too bad, right?
-
-If there's something you're confused about or a feature you would like to see
-added, open an issue.
-
-## Design Notes
-
-Getting CSRF protection right is important, so here's some background:
-
-- This library generates unique-per-request (masked) tokens as a mitigation
-  against the [BREACH attack](http://breachattack.com/).
-- The 'base' (unmasked) token is stored in the session, which means that
-  multiple browser tabs won't cause a user problems as their per-request token
-  is compared with the base token.
-- Operates on a "whitelist only" approach where safe (non-mutating) HTTP methods
-  (GET, HEAD, OPTIONS, TRACE) are the _only_ methods where token validation is not
-  enforced.
-- The design is based on the battle-tested
-  [Django](https://docs.djangoproject.com/en/1.8/ref/csrf/) and [Ruby on
-  Rails](http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html)
-  approaches.
-- Cookies are authenticated and based on the [securecookie](https://github.com/gorilla/securecookie)
-  library. They're also Secure (issued over HTTPS only) and are HttpOnly
-  by default, because sane defaults are important.
-- Go's `crypto/rand` library is used to generate the 32 byte (256 bit) tokens
-  and the one-time-pad used for masking them.
-
-This library does not seek to be adventurous.
-
-## License
-
-BSD licensed. See the LICENSE file for details.
diff --git a/vendor/github.com/gorilla/csrf/context.go b/vendor/github.com/gorilla/csrf/context.go
deleted file mode 100644
index d8bb42f..0000000
--- a/vendor/github.com/gorilla/csrf/context.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// +build go1.7
-
-package csrf
-
-import (
-	"context"
-	"net/http"
-
-	"github.com/pkg/errors"
-)
-
-func contextGet(r *http.Request, key string) (interface{}, error) {
-	val := r.Context().Value(key)
-	if val == nil {
-		return nil, errors.Errorf("no value exists in the context for key %q", key)
-	}
-
-	return val, nil
-}
-
-func contextSave(r *http.Request, key string, val interface{}) *http.Request {
-	ctx := r.Context()
-	ctx = context.WithValue(ctx, key, val)
-	return r.WithContext(ctx)
-}
-
-func contextClear(r *http.Request) {
-	// no-op for go1.7+
-}
diff --git a/vendor/github.com/gorilla/csrf/context_legacy.go b/vendor/github.com/gorilla/csrf/context_legacy.go
deleted file mode 100644
index f88c9eb..0000000
--- a/vendor/github.com/gorilla/csrf/context_legacy.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// +build !go1.7
-
-package csrf
-
-import (
-	"net/http"
-
-	"github.com/gorilla/context"
-
-	"github.com/pkg/errors"
-)
-
-func contextGet(r *http.Request, key string) (interface{}, error) {
-	if val, ok := context.GetOk(r, key); ok {
-		return val, nil
-	}
-
-	return nil, errors.Errorf("no value exists in the context for key %q", key)
-}
-
-func contextSave(r *http.Request, key string, val interface{}) *http.Request {
-	context.Set(r, key, val)
-	return r
-}
-
-func contextClear(r *http.Request) {
-	context.Clear(r)
-}
diff --git a/vendor/github.com/gorilla/csrf/csrf.go b/vendor/github.com/gorilla/csrf/csrf.go
deleted file mode 100644
index cc7878f..0000000
--- a/vendor/github.com/gorilla/csrf/csrf.go
+++ /dev/null
@@ -1,279 +0,0 @@
-package csrf
-
-import (
-	"fmt"
-	"net/http"
-	"net/url"
-
-	"github.com/pkg/errors"
-
-	"github.com/gorilla/securecookie"
-)
-
-// CSRF token length in bytes.
-const tokenLength = 32
-
-// Context/session keys & prefixes
-const (
-	tokenKey     string = "gorilla.csrf.Token"
-	formKey      string = "gorilla.csrf.Form"
-	errorKey     string = "gorilla.csrf.Error"
-	skipCheckKey string = "gorilla.csrf.Skip"
-	cookieName   string = "_gorilla_csrf"
-	errorPrefix  string = "gorilla/csrf: "
-)
-
-var (
-	// The name value used in form fields.
-	fieldName = tokenKey
-	// defaultAge sets the default MaxAge for cookies.
-	defaultAge = 3600 * 12
-	// The default HTTP request header to inspect
-	headerName = "X-CSRF-Token"
-	// Idempotent (safe) methods as defined by RFC7231 section 4.2.2.
-	safeMethods = []string{"GET", "HEAD", "OPTIONS", "TRACE"}
-)
-
-// TemplateTag provides a default template tag - e.g. {{ .csrfField }} - for use
-// with the TemplateField function.
-var TemplateTag = "csrfField"
-
-var (
-	// ErrNoReferer is returned when a HTTPS request provides an empty Referer
-	// header.
-	ErrNoReferer = errors.New("referer not supplied")
-	// ErrBadReferer is returned when the scheme & host in the URL do not match
-	// the supplied Referer header.
-	ErrBadReferer = errors.New("referer invalid")
-	// ErrNoToken is returned if no CSRF token is supplied in the request.
-	ErrNoToken = errors.New("CSRF token not found in request")
-	// ErrBadToken is returned if the CSRF token in the request does not match
-	// the token in the session, or is otherwise malformed.
-	ErrBadToken = errors.New("CSRF token invalid")
-)
-
-type csrf struct {
-	h    http.Handler
-	sc   *securecookie.SecureCookie
-	st   store
-	opts options
-}
-
-// options contains the optional settings for the CSRF middleware.
-type options struct {
-	MaxAge int
-	Domain string
-	Path   string
-	// Note that the function and field names match the case of the associated
-	// http.Cookie field instead of the "correct" HTTPOnly name that golint suggests.
-	HttpOnly      bool
-	Secure        bool
-	RequestHeader string
-	FieldName     string
-	ErrorHandler  http.Handler
-	CookieName    string
-}
-
-// Protect is HTTP middleware that provides Cross-Site Request Forgery
-// protection.
-//
-// It securely generates a masked (unique-per-request) token that
-// can be embedded in the HTTP response (e.g. form field or HTTP header).
-// The original (unmasked) token is stored in the session, which is inaccessible
-// by an attacker (provided you are using HTTPS). Subsequent requests are
-// expected to include this token, which is compared against the session token.
-// Requests that do not provide a matching token are served with a HTTP 403
-// 'Forbidden' error response.
-//
-// Example:
-//	package main
-//
-//	import (
-//		"html/template"
-//
-//		"github.com/gorilla/csrf"
-//		"github.com/gorilla/mux"
-//	)
-//
-//	var t = template.Must(template.New("signup_form.tmpl").Parse(form))
-//
-//	func main() {
-//		r := mux.NewRouter()
-//
-//		r.HandleFunc("/signup", GetSignupForm)
-//		// POST requests without a valid token will return a HTTP 403 Forbidden.
-//		r.HandleFunc("/signup/post", PostSignupForm)
-//
-//		// Add the middleware to your router.
-//		http.ListenAndServe(":8000",
-//		// Note that the authentication key provided should be 32 bytes
-//		// long and persist across application restarts.
-//			  csrf.Protect([]byte("32-byte-long-auth-key"))(r))
-//	}
-//
-//	func GetSignupForm(w http.ResponseWriter, r *http.Request) {
-//		// signup_form.tmpl just needs a {{ .csrfField }} template tag for
-//		// csrf.TemplateField to inject the CSRF token into. Easy!
-//		t.ExecuteTemplate(w, "signup_form.tmpl", map[string]interface{}{
-//			csrf.TemplateTag: csrf.TemplateField(r),
-//		})
-//		// We could also retrieve the token directly from csrf.Token(r) and
-//		// set it in the request header - w.Header.Set("X-CSRF-Token", token)
-//		// This is useful if you're sending JSON to clients or a front-end JavaScript
-//		// framework.
-//	}
-//
-func Protect(authKey []byte, opts ...Option) func(http.Handler) http.Handler {
-	return func(h http.Handler) http.Handler {
-		cs := parseOptions(h, opts...)
-
-		// Set the defaults if no options have been specified
-		if cs.opts.ErrorHandler == nil {
-			cs.opts.ErrorHandler = http.HandlerFunc(unauthorizedHandler)
-		}
-
-		if cs.opts.MaxAge < 0 {
-			// Default of 12 hours
-			cs.opts.MaxAge = defaultAge
-		}
-
-		if cs.opts.FieldName == "" {
-			cs.opts.FieldName = fieldName
-		}
-
-		if cs.opts.CookieName == "" {
-			cs.opts.CookieName = cookieName
-		}
-
-		if cs.opts.RequestHeader == "" {
-			cs.opts.RequestHeader = headerName
-		}
-
-		// Create an authenticated securecookie instance.
-		if cs.sc == nil {
-			cs.sc = securecookie.New(authKey, nil)
-			// Use JSON serialization (faster than one-off gob encoding)
-			cs.sc.SetSerializer(securecookie.JSONEncoder{})
-			// Set the MaxAge of the underlying securecookie.
-			cs.sc.MaxAge(cs.opts.MaxAge)
-		}
-
-		if cs.st == nil {
-			// Default to the cookieStore
-			cs.st = &cookieStore{
-				name:     cs.opts.CookieName,
-				maxAge:   cs.opts.MaxAge,
-				secure:   cs.opts.Secure,
-				httpOnly: cs.opts.HttpOnly,
-				path:     cs.opts.Path,
-				domain:   cs.opts.Domain,
-				sc:       cs.sc,
-			}
-		}
-
-		return cs
-	}
-}
-
-// Implements http.Handler for the csrf type.
-func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	// Skip the check if directed to. This should always be a bool.
-	if val, err := contextGet(r, skipCheckKey); err == nil {
-		if skip, ok := val.(bool); ok {
-			if skip {
-				cs.h.ServeHTTP(w, r)
-				return
-			}
-		}
-	}
-
-	// Retrieve the token from the session.
-	// An error represents either a cookie that failed HMAC validation
-	// or that doesn't exist.
-	realToken, err := cs.st.Get(r)
-	if err != nil || len(realToken) != tokenLength {
-		// If there was an error retrieving the token, the token doesn't exist
-		// yet, or it's the wrong length, generate a new token.
-		// Note that the new token will (correctly) fail validation downstream
-		// as it will no longer match the request token.
-		realToken, err = generateRandomBytes(tokenLength)
-		if err != nil {
-			r = envError(r, err)
-			cs.opts.ErrorHandler.ServeHTTP(w, r)
-			return
-		}
-
-		// Save the new (real) token in the session store.
-		err = cs.st.Save(realToken, w)
-		if err != nil {
-			r = envError(r, err)
-			cs.opts.ErrorHandler.ServeHTTP(w, r)
-			return
-		}
-	}
-
-	// Save the masked token to the request context
-	r = contextSave(r, tokenKey, mask(realToken, r))
-	// Save the field name to the request context
-	r = contextSave(r, formKey, cs.opts.FieldName)
-
-	// HTTP methods not defined as idempotent ("safe") under RFC7231 require
-	// inspection.
-	if !contains(safeMethods, r.Method) {
-		// Enforce an origin check for HTTPS connections. As per the Django CSRF
-		// implementation (https://goo.gl/vKA7GE) the Referer header is almost
-		// always present for same-domain HTTP requests.
-		if r.URL.Scheme == "https" {
-			// Fetch the Referer value. Call the error handler if it's empty or
-			// otherwise fails to parse.
-			referer, err := url.Parse(r.Referer())
-			if err != nil || referer.String() == "" {
-				r = envError(r, ErrNoReferer)
-				cs.opts.ErrorHandler.ServeHTTP(w, r)
-				return
-			}
-
-			if sameOrigin(r.URL, referer) == false {
-				r = envError(r, ErrBadReferer)
-				cs.opts.ErrorHandler.ServeHTTP(w, r)
-				return
-			}
-		}
-
-		// If the token returned from the session store is nil for non-idempotent
-		// ("unsafe") methods, call the error handler.
-		if realToken == nil {
-			r = envError(r, ErrNoToken)
-			cs.opts.ErrorHandler.ServeHTTP(w, r)
-			return
-		}
-
-		// Retrieve the combined token (pad + masked) token and unmask it.
-		requestToken := unmask(cs.requestToken(r))
-
-		// Compare the request token against the real token
-		if !compareTokens(requestToken, realToken) {
-			r = envError(r, ErrBadToken)
-			cs.opts.ErrorHandler.ServeHTTP(w, r)
-			return
-		}
-
-	}
-
-	// Set the Vary: Cookie header to protect clients from caching the response.
-	w.Header().Add("Vary", "Cookie")
-
-	// Call the wrapped handler/router on success.
-	cs.h.ServeHTTP(w, r)
-	// Clear the request context after the handler has completed.
-	contextClear(r)
-}
-
-// unauthorizedhandler sets a HTTP 403 Forbidden status and writes the
-// CSRF failure reason to the response.
-func unauthorizedHandler(w http.ResponseWriter, r *http.Request) {
-	http.Error(w, fmt.Sprintf("%s - %s",
-		http.StatusText(http.StatusForbidden), FailureReason(r)),
-		http.StatusForbidden)
-	return
-}
diff --git a/vendor/github.com/gorilla/csrf/doc.go b/vendor/github.com/gorilla/csrf/doc.go
deleted file mode 100644
index 503c948..0000000
--- a/vendor/github.com/gorilla/csrf/doc.go
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
-Package csrf (gorilla/csrf) provides Cross Site Request Forgery (CSRF)
-prevention middleware for Go web applications & services.
-
-It includes:
-
-* The `csrf.Protect` middleware/handler provides CSRF protection on routes
-attached to a router or a sub-router.
-
-* A `csrf.Token` function that provides the token to pass into your response,
-whether that be a HTML form or a JSON response body.
-
-* ... and a `csrf.TemplateField` helper that you can pass into your `html/template`
-templates to replace a `{{ .csrfField }}` template tag with a hidden input
-field.
-
-gorilla/csrf is easy to use: add the middleware to individual handlers with
-the below:
-
-    CSRF := csrf.Protect([]byte("32-byte-long-auth-key"))
-    http.HandlerFunc("/route", CSRF(YourHandler))
-
-... and then collect the token with `csrf.Token(r)` before passing it to the
-template, JSON body or HTTP header (you pick!). gorilla/csrf inspects the form body
-(first) and HTTP headers (second) on subsequent POST/PUT/PATCH/DELETE/etc. requests
-for the token.
-
-Note that the authentication key passed to `csrf.Protect([]byte(key))` should be
-32-bytes long and persist across application restarts. Generating a random key
-won't allow you to authenticate existing cookies and will break your CSRF
-validation.
-
-Here's the common use-case: HTML forms you want to provide CSRF protection for,
-in order to protect malicious POST requests being made:
-
-	package main
-
-	import (
-		"fmt"
-		"html/template"
-		"net/http"
-
-		"github.com/gorilla/csrf"
-		"github.com/gorilla/mux"
-	)
-
-	var form = `
-	<html>
-	<head>
-	<title>Sign Up!</title>
-	</head>
-	<body>
-	<form method="POST" action="/signup/post" accept-charset="UTF-8">
-	<input type="text" name="name">
-	<input type="text" name="email">
-	<!--
-	The default template tag used by the CSRF middleware .
-	This will be replaced with a hidden <input> field containing the
-	masked CSRF token.
-	-->
-	{{ .csrfField }}
-	<input type="submit" value="Sign up!">
-	</form>
-	</body>
-	</html>
-	`
-
-	var t = template.Must(template.New("signup_form.tmpl").Parse(form))
-
-	func main() {
-		r := mux.NewRouter()
-		r.HandleFunc("/signup", ShowSignupForm)
-		// All POST requests without a valid token will return HTTP 403 Forbidden.
-		// We should also ensure that our mutating (non-idempotent) handler only
-		// matches on POST requests. We can check that here, at the router level, or
-		// within the handler itself via r.Method.
-		r.HandleFunc("/signup/post", SubmitSignupForm).Methods("POST")
-
-		// Add the middleware to your router by wrapping it.
-		http.ListenAndServe(":8000",
-		csrf.Protect([]byte("32-byte-long-auth-key"))(r))
-		// PS: Don't forget to pass csrf.Secure(false) if you're developing locally
-		// over plain HTTP (just don't leave it on in production).
-	}
-
-	func ShowSignupForm(w http.ResponseWriter, r *http.Request) {
-		// signup_form.tmpl just needs a {{ .csrfField }} template tag for
-		// csrf.TemplateField to inject the CSRF token into. Easy!
-		t.ExecuteTemplate(w, "signup_form.tmpl", map[string]interface{}{
-			csrf.TemplateTag: csrf.TemplateField(r),
-		})
-	}
-
-	func SubmitSignupForm(w http.ResponseWriter, r *http.Request) {
-		// We can trust that requests making it this far have satisfied
-		// our CSRF protection requirements.
-		fmt.Fprintf(w, "%v\n", r.PostForm)
-	}
-
-Note that the CSRF middleware will (by necessity) consume the request body if the
-token is passed via POST form values. If you need to consume this in your
-handler, insert your own middleware earlier in the chain to capture the request
-body.
-
-You can also send the CSRF token in the response header. This approach is useful
-if you're using a front-end JavaScript framework like Ember or Angular, or are
-providing a JSON API:
-
-	package main
-
-	import (
-		"github.com/gorilla/csrf"
-		"github.com/gorilla/mux"
-	)
-
-	func main() {
-		r := mux.NewRouter()
-
-		api := r.PathPrefix("/api").Subrouter()
-		api.HandleFunc("/user/:id", GetUser).Methods("GET")
-
-		http.ListenAndServe(":8000",
-		csrf.Protect([]byte("32-byte-long-auth-key"))(r))
-	}
-
-	func GetUser(w http.ResponseWriter, r *http.Request) {
-		// Authenticate the request, get the id from the route params,
-		// and fetch the user from the DB, etc.
-
-		// Get the token and pass it in the CSRF header. Our JSON-speaking client
-		// or JavaScript framework can now read the header and return the token in
-		// in its own "X-CSRF-Token" request header on the subsequent POST.
-		w.Header().Set("X-CSRF-Token", csrf.Token(r))
-		b, err := json.Marshal(user)
-		if err != nil {
-			http.Error(w, err.Error(), 500)
-			return
-		}
-
-		w.Write(b)
-	}
-
-If you're writing a client that's supposed to mimic browser behavior, make sure to
-send back the CSRF cookie (the default name is _gorilla_csrf, but this can be changed
-with the CookieName Option) along with either the X-CSRF-Token header or the gorilla.csrf.Token form field.
-
-In addition: getting CSRF protection right is important, so here's some background:
-
-* This library generates unique-per-request (masked) tokens as a mitigation
-against the BREACH attack (http://breachattack.com/).
-
-* The 'base' (unmasked) token is stored in the session, which means that
-multiple browser tabs won't cause a user problems as their per-request token
-is compared with the base token.
-
-* Operates on a "whitelist only" approach where safe (non-mutating) HTTP methods
-(GET, HEAD, OPTIONS, TRACE) are the *only* methods where token validation is not
-enforced.
-
-* The design is based on the battle-tested Django
-(https://docs.djangoproject.com/en/1.8/ref/csrf/) and Ruby on Rails
-(http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html)
-approaches.
-
-* Cookies are authenticated and based on the securecookie
-(https://github.com/gorilla/securecookie) library. They're also Secure (issued
-over HTTPS only) and are HttpOnly by default, because sane defaults are
-important.
-
-* Go's `crypto/rand` library is used to generate the 32 byte (256 bit) tokens
-and the one-time-pad used for masking them.
-
-This library does not seek to be adventurous.
-
-*/
-package csrf
diff --git a/vendor/github.com/gorilla/csrf/go.mod b/vendor/github.com/gorilla/csrf/go.mod
deleted file mode 100644
index 2d2ce4d..0000000
--- a/vendor/github.com/gorilla/csrf/go.mod
+++ /dev/null
@@ -1,7 +0,0 @@
-module github.com/gorilla/csrf
-
-require (
-	github.com/gorilla/context v1.1.1
-	github.com/gorilla/securecookie v1.1.1
-	github.com/pkg/errors v0.8.0
-)
diff --git a/vendor/github.com/gorilla/csrf/helpers.go b/vendor/github.com/gorilla/csrf/helpers.go
deleted file mode 100644
index 3dacfd2..0000000
--- a/vendor/github.com/gorilla/csrf/helpers.go
+++ /dev/null
@@ -1,203 +0,0 @@
-package csrf
-
-import (
-	"crypto/rand"
-	"crypto/subtle"
-	"encoding/base64"
-	"fmt"
-	"html/template"
-	"net/http"
-	"net/url"
-)
-
-// Token returns a masked CSRF token ready for passing into HTML template or
-// a JSON response body. An empty token will be returned if the middleware
-// has not been applied (which will fail subsequent validation).
-func Token(r *http.Request) string {
-	if val, err := contextGet(r, tokenKey); err == nil {
-		if maskedToken, ok := val.(string); ok {
-			return maskedToken
-		}
-	}
-
-	return ""
-}
-
-// FailureReason makes CSRF validation errors available in the request context.
-// This is useful when you want to log the cause of the error or report it to
-// client.
-func FailureReason(r *http.Request) error {
-	if val, err := contextGet(r, errorKey); err == nil {
-		if err, ok := val.(error); ok {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// UnsafeSkipCheck will skip the CSRF check for any requests.  This must be
-// called before the CSRF middleware.
-//
-// Note: You should not set this without otherwise securing the request from
-// CSRF attacks. The primary use-case for this function is to turn off CSRF
-// checks for non-browser clients using authorization tokens against your API.
-func UnsafeSkipCheck(r *http.Request) *http.Request {
-	return contextSave(r, skipCheckKey, true)
-}
-
-// TemplateField is a template helper for html/template that provides an <input> field
-// populated with a CSRF token.
-//
-// Example:
-//
-//      // The following tag in our form.tmpl template:
-//      {{ .csrfField }}
-//
-//      // ... becomes:
-//      <input type="hidden" name="gorilla.csrf.Token" value="<token>">
-//
-func TemplateField(r *http.Request) template.HTML {
-	if name, err := contextGet(r, formKey); err == nil {
-		fragment := fmt.Sprintf(`<input type="hidden" name="%s" value="%s">`,
-			name, Token(r))
-
-		return template.HTML(fragment)
-	}
-
-	return template.HTML("")
-}
-
-// mask returns a unique-per-request token to mitigate the BREACH attack
-// as per http://breachattack.com/#mitigations
-//
-// The token is generated by XOR'ing a one-time-pad and the base (session) CSRF
-// token and returning them together as a 64-byte slice. This effectively
-// randomises the token on a per-request basis without breaking multiple browser
-// tabs/windows.
-func mask(realToken []byte, r *http.Request) string {
-	otp, err := generateRandomBytes(tokenLength)
-	if err != nil {
-		return ""
-	}
-
-	// XOR the OTP with the real token to generate a masked token. Append the
-	// OTP to the front of the masked token to allow unmasking in the subsequent
-	// request.
-	return base64.StdEncoding.EncodeToString(append(otp, xorToken(otp, realToken)...))
-}
-
-// unmask splits the issued token (one-time-pad + masked token) and returns the
-// unmasked request token for comparison.
-func unmask(issued []byte) []byte {
-	// Issued tokens are always masked and combined with the pad.
-	if len(issued) != tokenLength*2 {
-		return nil
-	}
-
-	// We now know the length of the byte slice.
-	otp := issued[tokenLength:]
-	masked := issued[:tokenLength]
-
-	// Unmask the token by XOR'ing it against the OTP used to mask it.
-	return xorToken(otp, masked)
-}
-
-// requestToken returns the issued token (pad + masked token) from the HTTP POST
-// body or HTTP header. It will return nil if the token fails to decode.
-func (cs *csrf) requestToken(r *http.Request) []byte {
-	// 1. Check the HTTP header first.
-	issued := r.Header.Get(cs.opts.RequestHeader)
-
-	// 2. Fall back to the POST (form) value.
-	if issued == "" {
-		issued = r.PostFormValue(cs.opts.FieldName)
-	}
-
-	// 3. Finally, fall back to the multipart form (if set).
-	if issued == "" && r.MultipartForm != nil {
-		vals := r.MultipartForm.Value[cs.opts.FieldName]
-
-		if len(vals) > 0 {
-			issued = vals[0]
-		}
-	}
-
-	// Decode the "issued" (pad + masked) token sent in the request. Return a
-	// nil byte slice on a decoding error (this will fail upstream).
-	decoded, err := base64.StdEncoding.DecodeString(issued)
-	if err != nil {
-		return nil
-	}
-
-	return decoded
-}
-
-// generateRandomBytes returns securely generated random bytes.
-// It will return an error if the system's secure random number generator
-// fails to function correctly.
-func generateRandomBytes(n int) ([]byte, error) {
-	b := make([]byte, n)
-	_, err := rand.Read(b)
-	// err == nil only if len(b) == n
-	if err != nil {
-		return nil, err
-	}
-
-	return b, nil
-
-}
-
-// sameOrigin returns true if URLs a and b share the same origin. The same
-// origin is defined as host (which includes the port) and scheme.
-func sameOrigin(a, b *url.URL) bool {
-	return (a.Scheme == b.Scheme && a.Host == b.Host)
-}
-
-// compare securely (constant-time) compares the unmasked token from the request
-// against the real token from the session.
-func compareTokens(a, b []byte) bool {
-	// This is required as subtle.ConstantTimeCompare does not check for equal
-	// lengths in Go versions prior to 1.3.
-	if len(a) != len(b) {
-		return false
-	}
-
-	return subtle.ConstantTimeCompare(a, b) == 1
-}
-
-// xorToken XORs tokens ([]byte) to provide unique-per-request CSRF tokens. It
-// will return a masked token if the base token is XOR'ed with a one-time-pad.
-// An unmasked token will be returned if a masked token is XOR'ed with the
-// one-time-pad used to mask it.
-func xorToken(a, b []byte) []byte {
-	n := len(a)
-	if len(b) < n {
-		n = len(b)
-	}
-
-	res := make([]byte, n)
-
-	for i := 0; i < n; i++ {
-		res[i] = a[i] ^ b[i]
-	}
-
-	return res
-}
-
-// contains is a helper function to check if a string exists in a slice - e.g.
-// whether a HTTP method exists in a list of safe methods.
-func contains(vals []string, s string) bool {
-	for _, v := range vals {
-		if v == s {
-			return true
-		}
-	}
-
-	return false
-}
-
-// envError stores a CSRF error in the request context.
-func envError(r *http.Request, err error) *http.Request {
-	return contextSave(r, errorKey, err)
-}
diff --git a/vendor/github.com/gorilla/csrf/options.go b/vendor/github.com/gorilla/csrf/options.go
deleted file mode 100644
index b50ebd4..0000000
--- a/vendor/github.com/gorilla/csrf/options.go
+++ /dev/null
@@ -1,130 +0,0 @@
-package csrf
-
-import "net/http"
-
-// Option describes a functional option for configuring the CSRF handler.
-type Option func(*csrf)
-
-// MaxAge sets the maximum age (in seconds) of a CSRF token's underlying cookie.
-// Defaults to 12 hours.
-func MaxAge(age int) Option {
-	return func(cs *csrf) {
-		cs.opts.MaxAge = age
-	}
-}
-
-// Domain sets the cookie domain. Defaults to the current domain of the request
-// only (recommended).
-//
-// This should be a hostname and not a URL. If set, the domain is treated as
-// being prefixed with a '.' - e.g. "example.com" becomes ".example.com" and
-// matches "www.example.com" and "secure.example.com".
-func Domain(domain string) Option {
-	return func(cs *csrf) {
-		cs.opts.Domain = domain
-	}
-}
-
-// Path sets the cookie path. Defaults to the path the cookie was issued from
-// (recommended).
-//
-// This instructs clients to only respond with cookie for that path and its
-// subpaths - i.e. a cookie issued from "/register" would be included in requests
-// to "/register/step2" and "/register/submit".
-func Path(p string) Option {
-	return func(cs *csrf) {
-		cs.opts.Path = p
-	}
-}
-
-// Secure sets the 'Secure' flag on the cookie. Defaults to true (recommended).
-// Set this to 'false' in your development environment otherwise the cookie won't
-// be sent over an insecure channel. Setting this via the presence of a 'DEV'
-// environmental variable is a good way of making sure this won't make it to a
-// production environment.
-func Secure(s bool) Option {
-	return func(cs *csrf) {
-		cs.opts.Secure = s
-	}
-}
-
-// HttpOnly sets the 'HttpOnly' flag on the cookie. Defaults to true (recommended).
-func HttpOnly(h bool) Option {
-	return func(cs *csrf) {
-		// Note that the function and field names match the case of the
-		// related http.Cookie field instead of the "correct" HTTPOnly name
-		// that golint suggests.
-		cs.opts.HttpOnly = h
-	}
-}
-
-// ErrorHandler allows you to change the handler called when CSRF request
-// processing encounters an invalid token or request. A typical use would be to
-// provide a handler that returns a static HTML file with a HTTP 403 status. By
-// default a HTTP 403 status and a plain text CSRF failure reason are served.
-//
-// Note that a custom error handler can also access the csrf.FailureReason(r)
-// function to retrieve the CSRF validation reason from the request context.
-func ErrorHandler(h http.Handler) Option {
-	return func(cs *csrf) {
-		cs.opts.ErrorHandler = h
-	}
-}
-
-// RequestHeader allows you to change the request header the CSRF middleware
-// inspects. The default is X-CSRF-Token.
-func RequestHeader(header string) Option {
-	return func(cs *csrf) {
-		cs.opts.RequestHeader = header
-	}
-}
-
-// FieldName allows you to change the name attribute of the hidden <input> field
-// inspected by this package. The default is 'gorilla.csrf.Token'.
-func FieldName(name string) Option {
-	return func(cs *csrf) {
-		cs.opts.FieldName = name
-	}
-}
-
-// CookieName changes the name of the CSRF cookie issued to clients.
-//
-// Note that cookie names should not contain whitespace, commas, semicolons,
-// backslashes or control characters as per RFC6265.
-func CookieName(name string) Option {
-	return func(cs *csrf) {
-		cs.opts.CookieName = name
-	}
-}
-
-// setStore sets the store used by the CSRF middleware.
-// Note: this is private (for now) to allow for internal API changes.
-func setStore(s store) Option {
-	return func(cs *csrf) {
-		cs.st = s
-	}
-}
-
-// parseOptions parses the supplied options functions and returns a configured
-// csrf handler.
-func parseOptions(h http.Handler, opts ...Option) *csrf {
-	// Set the handler to call after processing.
-	cs := &csrf{
-		h: h,
-	}
-
-	// Default to true. See Secure & HttpOnly function comments for rationale.
-	// Set here to allow package users to override the default.
-	cs.opts.Secure = true
-	cs.opts.HttpOnly = true
-
-	// Range over each options function and apply it
-	// to our csrf type to configure it. Options functions are
-	// applied in order, with any conflicting options overriding
-	// earlier calls.
-	for _, option := range opts {
-		option(cs)
-	}
-
-	return cs
-}
diff --git a/vendor/github.com/gorilla/csrf/store.go b/vendor/github.com/gorilla/csrf/store.go
deleted file mode 100644
index 39f47ad..0000000
--- a/vendor/github.com/gorilla/csrf/store.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package csrf
-
-import (
-	"net/http"
-	"time"
-
-	"github.com/gorilla/securecookie"
-)
-
-// store represents the session storage used for CSRF tokens.
-type store interface {
-	// Get returns the real CSRF token from the store.
-	Get(*http.Request) ([]byte, error)
-	// Save stores the real CSRF token in the store and writes a
-	// cookie to the http.ResponseWriter.
-	// For non-cookie stores, the cookie should contain a unique (256 bit) ID
-	// or key that references the token in the backend store.
-	// csrf.GenerateRandomBytes is a helper function for generating secure IDs.
-	Save(token []byte, w http.ResponseWriter) error
-}
-
-// cookieStore is a signed cookie session store for CSRF tokens.
-type cookieStore struct {
-	name     string
-	maxAge   int
-	secure   bool
-	httpOnly bool
-	path     string
-	domain   string
-	sc       *securecookie.SecureCookie
-}
-
-// Get retrieves a CSRF token from the session cookie. It returns an empty token
-// if decoding fails (e.g. HMAC validation fails or the named cookie doesn't exist).
-func (cs *cookieStore) Get(r *http.Request) ([]byte, error) {
-	// Retrieve the cookie from the request
-	cookie, err := r.Cookie(cs.name)
-	if err != nil {
-		return nil, err
-	}
-
-	token := make([]byte, tokenLength)
-	// Decode the HMAC authenticated cookie.
-	err = cs.sc.Decode(cs.name, cookie.Value, &token)
-	if err != nil {
-		return nil, err
-	}
-
-	return token, nil
-}
-
-// Save stores the CSRF token in the session cookie.
-func (cs *cookieStore) Save(token []byte, w http.ResponseWriter) error {
-	// Generate an encoded cookie value with the CSRF token.
-	encoded, err := cs.sc.Encode(cs.name, token)
-	if err != nil {
-		return err
-	}
-
-	cookie := &http.Cookie{
-		Name:     cs.name,
-		Value:    encoded,
-		MaxAge:   cs.maxAge,
-		HttpOnly: cs.httpOnly,
-		Secure:   cs.secure,
-		Path:     cs.path,
-		Domain:   cs.domain,
-	}
-
-	// Set the Expires field on the cookie based on the MaxAge
-	// If MaxAge <= 0, we don't set the Expires attribute, making the cookie
-	// session-only.
-	if cs.maxAge > 0 {
-		cookie.Expires = time.Now().Add(
-			time.Duration(cs.maxAge) * time.Second)
-	}
-
-	// Write the authenticated cookie to the response.
-	http.SetCookie(w, cookie)
-
-	return nil
-}
-- 
cgit v1.2.3