Documentation
Constants
const (
	// FormTokenName is used to define the HTML input field parameter name.
	FormTokenName = "csrftoken"
	// HeaderTokenName is used to define the header field name which can contain the token.
	HeaderTokenName = "Csrf-Token" //nolint:gosec // false positive
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Service
type Service interface {
	Generate(session *web.Session) string
	IsValid(request *web.Request) bool
	IsValidPost(request *web.Request) bool
	IsValidHeader(request *web.Request) bool
}
Service is the interface that defines the usage of the service responsible for creating and validating CSRF tokens.
type ServiceImpl
type ServiceImpl struct {
	// contains filtered or unexported fields
}
ServiceImpl is the actual implementation of the Service interface.
func (*ServiceImpl) Generate
func (s *ServiceImpl) Generate(session *web.Session) string
Generate creates a CSRF token that depends on the user session ID and time. It uses AES to encrypt the data.
func (*ServiceImpl) Inject
func (s *ServiceImpl) Inject(l flamingo.Logger, cfg *struct {
	Secret string  `inject:"config:csrf.secret"`
	TTL    float64 `inject:"config:csrf.ttl"`
})
Inject dependencies
func (*ServiceImpl) IsValid
func (s *ServiceImpl) IsValid(request *web.Request) bool
IsValid validates the CSRF token from a POST request. Deprecated: use IsValidPost instead. It uses AES to decrypt the data. The session ID in the CSRF token must match the one in the request, and the token lifetime must be valid.
func (*ServiceImpl) IsValidHeader
func (s *ServiceImpl) IsValidHeader(request *web.Request) bool
IsValidHeader validates the CSRF token in the request header field. It uses AES to decrypt the data. The session ID in the CSRF token must match the one in the request, and the token lifetime must be valid.
func (*ServiceImpl) IsValidPost
func (s *ServiceImpl) IsValidPost(request *web.Request) bool
IsValidPost validates the CSRF token from a POST request. It uses AES to decrypt the data. The session ID in the CSRF token must match the one in the request, and the token lifetime must be valid.
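The scheme that Generate and the IsValid* methods describe (a token built from the session ID and time, encrypted with AES, accepted only for the same session and within its lifetime), as an added example that is not this package's own implementation. AES-256-GCM, the SHA-256 key derivation, the `issue time || session ID` layout, hex encoding, a `time.Duration` TTL and the names `aead`, `generate` and `isValid` are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"time"
)

// aead derives a key with SHA-256 (assumption) and returns AES-256-GCM.
func aead(secret string) cipher.AEAD {
	key := sha256.Sum256([]byte(secret))
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// generate returns hex(nonce || AES-GCM(issue time || session ID)).
func generate(secret, sessionID string, now time.Time) (string, error) {
	gcm := aead(secret)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	body := append(binary.BigEndian.AppendUint64(nil, uint64(now.Unix())), sessionID...)
	return hex.EncodeToString(gcm.Seal(nonce, nonce, body, nil)), nil
}

// isValid decrypts the token, then checks session binding and lifetime.
func isValid(secret, token, sessionID string, ttl time.Duration, now time.Time) bool {
	gcm := aead(secret)
	n := gcm.NonceSize()
	raw, err := hex.DecodeString(token)
	if err != nil || len(raw) < n {
		return false
	}
	body, err := gcm.Open(nil, raw[:n], raw[n:], nil)
	if err != nil || len(body) < 8 {
		return false // tampered, wrong secret, or malformed
	}
	age := now.Sub(time.Unix(int64(binary.BigEndian.Uint64(body)), 0))
	return string(body[8:]) == sessionID && age >= 0 && age <= ttl
}

func main() { fmt.Println(generate("constructed-secret", "session-A", time.Now())) }
```

Because GCM authenticates the ciphertext, a modified token fails at decryption, before the session and lifetime checks run.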