csrf

package
v3.0.0-...-2834d1d Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 19, 2024 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

// HeaderName is the request header that carries the CSRF token in the
// default configuration: ConfigDefault uses it for both KeyLookup
// ("header:" + HeaderName) and the Extractor (CsrfFromHeader(HeaderName)).
const HeaderName = "X-Csrf-Token"

Variables

// Sentinel errors exported by the package. Each is created with errors.New,
// so callers (for example a custom Config.ErrorHandler) can match them with
// errors.Is.
// NOTE(review): the conditions under which each one is returned are not
// shown on this page; the comments below only restate the messages.
var (
	// ErrTokenNotFound carries the message "csrf token not found".
	ErrTokenNotFound = errors.New("csrf token not found")
	// ErrTokenInvalid carries the message "csrf token invalid".
	ErrTokenInvalid  = errors.New("csrf token invalid")
	// ErrNoReferer carries the message "referer not supplied".
	// NOTE(review): this and ErrBadReferer suggest the middleware also
	// inspects the Referer header on some requests — confirm in the source.
	ErrNoReferer     = errors.New("referer not supplied")
	// ErrBadReferer carries the message "referer invalid".
	ErrBadReferer    = errors.New("referer invalid")
)
// Sentinel errors for a token that is absent from a request, one per token
// source accepted by Config.KeyLookup (header, query, param, form, cookie).
// NOTE(review): presumably each is returned by the matching CsrfFrom*
// extractor when the value is missing — confirm against the extractor source.
var (
	// ErrMissingHeader carries the message "missing csrf token in header".
	ErrMissingHeader = errors.New("missing csrf token in header")
	// ErrMissingQuery carries the message "missing csrf token in query".
	ErrMissingQuery  = errors.New("missing csrf token in query")
	// ErrMissingParam carries the message "missing csrf token in param".
	ErrMissingParam  = errors.New("missing csrf token in param")
	// ErrMissingForm carries the message "missing csrf token in form".
	ErrMissingForm   = errors.New("missing csrf token in form")
	// ErrMissingCookie carries the message "missing csrf token in cookie".
	ErrMissingCookie = errors.New("missing csrf token in cookie")
)
// ConfigDefault is the default config.
//
// Fields that are not listed keep their Go zero values. In particular
// CookieSecure and CookieHTTPOnly are false, so a deployment served over
// HTTPS should set CookieSecure explicitly rather than rely on this value.
// Storage is not set here although Config documents memory.New() as its
// default — presumably New fills it in; confirm.
var ConfigDefault = Config{
	// Evaluates to "header:X-Csrf-Token".
	KeyLookup:      "header:" + HeaderName,
	CookieName:     "csrf_",
	CookieSameSite: "Lax",
	Expiration:     1 * time.Hour,
	KeyGenerator:   utils.UUIDv4,
	ErrorHandler:   defaultErrorHandler,
	// Reads the token from the same header that KeyLookup names; Config
	// documents that KeyLookup is ignored when an Extractor is set.
	Extractor:      CsrfFromHeader(HeaderName),
	SessionKey:     "csrfToken",
}

ConfigDefault is the default config

Functions

func CsrfFromCookie

func CsrfFromCookie(param string) func(c fiber.Ctx) (string, error)

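CsrfFromCookie returns a function that extracts the token from the cookie header. Because browsers attach cookies automatically, including on cross-site requests, a token taken only from a cookie does not by itself show that the request came from the application's own pages.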

func CsrfFromForm

func CsrfFromForm(param string) func(c fiber.Ctx) (string, error)

CsrfFromForm returns a function that extracts a token from a multipart form.

func CsrfFromHeader

func CsrfFromHeader(param string) func(c fiber.Ctx) (string, error)

CsrfFromHeader returns a function that extracts the token from the request header.

func CsrfFromParam

func CsrfFromParam(param string) func(c fiber.Ctx) (string, error)

CsrfFromParam returns a function that extracts the token from the URL param string. A token carried in the URL can end up in access logs, browser history and Referer headers.

func CsrfFromQuery

func CsrfFromQuery(param string) func(c fiber.Ctx) (string, error)

CsrfFromQuery returns a function that extracts the token from the query string. A token carried in the URL can end up in access logs, browser history and Referer headers.

func New

func New(config ...Config) fiber.Handler

New creates a new middleware handler

func TokenFromContext

func TokenFromContext(c fiber.Ctx) string

TokenFromContext returns the token found in the context. It returns an empty string if the token does not exist.

Types

type CSRFHandler

// CSRFHandler is an opaque handle: all of its fields are unexported. It is
// obtained with HandlerFromContext and exposes DeleteToken.
type CSRFHandler struct {
	// contains filtered or unexported fields
}

func HandlerFromContext

func HandlerFromContext(c fiber.Ctx) *CSRFHandler

HandlerFromContext returns the CSRFHandler found in the context. It returns nil if the handler does not exist.

func (*CSRFHandler) DeleteToken

func (handler *CSRFHandler) DeleteToken(c fiber.Ctx) error

DeleteToken removes the token found in the context from the storage and expires the CSRF cookie.

type Config

type Config struct {
	// Next defines a function to skip this middleware when returned true.
	// NOTE(review): a request for which Next returns true is not checked by
	// this middleware at all, so keep the predicate as narrow as possible.
	//
	// Optional. Default: nil
	Next func(c fiber.Ctx) bool

	// KeyLookup is a string in the form of "<source>:<key>" that is used
	// to create an Extractor that extracts the token from the request.
	// Possible values:
	// - "header:<name>"
	// - "query:<name>"
	// - "param:<name>"
	// - "form:<name>"
	// - "cookie:<name>"
	//
	// NOTE(review): "query:" and "param:" carry the token in the URL, where
	// it can end up in access logs, browser history and Referer headers.
	// "cookie:" reads a value the browser attaches automatically, also on
	// cross-site requests, so on its own it does not show that the request
	// came from the application's pages. Prefer "header:" or "form:".
	//
	// Ignored if an Extractor is explicitly set.
	//
	// Optional. Default: "header:X-Csrf-Token"
	KeyLookup string

	// Name of the session cookie. This cookie will store session key.
	// Optional. Default value "csrf_".
	// Overridden if KeyLookup == "cookie:<name>"
	CookieName string

	// Domain of the CSRF cookie.
	// Optional. Default value "".
	CookieDomain string

	// Path of the CSRF cookie.
	// Optional. Default value "".
	CookiePath string

	// Indicates if CSRF cookie is secure.
	// NOTE(review): with the default the cookie is issued without the
	// Secure attribute; set this to true when the site is served over HTTPS
	// so the cookie is not sent over plain HTTP.
	// Optional. Default value false.
	CookieSecure bool

	// Indicates if CSRF cookie is HTTP only.
	// NOTE(review): HttpOnly hides the cookie from page scripts; whether it
	// can be enabled depends on whether client-side code has to read the
	// token from the cookie — confirm against how the token reaches the page.
	// Optional. Default value false.
	CookieHTTPOnly bool

	// Value of the cookie's SameSite attribute.
	// Optional. Default value "Lax".
	CookieSameSite string

	// Decides whether cookie should last for only the browser session.
	// Ignores Expiration if set to true
	CookieSessionOnly bool

	// Expiration is the duration before csrf token will expire
	//
	// Optional. Default: 1 * time.Hour
	Expiration time.Duration

	// SingleUseToken indicates if the CSRF token should be destroyed
	// and a new one generated on each use.
	//
	// Optional. Default: false
	SingleUseToken bool

	// Storage is used to store the state of the middleware
	// NOTE(review): the in-memory default is presumably local to one
	// process; a deployment with several instances would need a shared
	// Storage or Session — confirm.
	//
	// Optional. Default: memory.New()
	// Ignored if Session is set.
	Storage fiber.Storage

	// Session is used to store the state of the middleware
	//
	// Optional. Default: nil
	// If set, the middleware will use the session store instead of the storage
	Session *session.Store

	// SessionKey is the key used to store the token in the session
	//
	// Default: "csrfToken"
	SessionKey string

	// KeyGenerator creates a new CSRF token
	// NOTE(review): a replacement generator must produce unpredictable
	// values (for example from crypto/rand); counters, timestamps or
	// math/rand output are guessable.
	//
	// Optional. Default: utils.UUIDv4 (the value set in ConfigDefault)
	KeyGenerator func() string

	// ErrorHandler is executed when an error is returned from fiber.Handler.
	//
	// Optional. Default: defaultErrorHandler (the unexported handler set in
	// ConfigDefault)
	ErrorHandler fiber.ErrorHandler

	// Extractor returns the csrf token
	//
	// If set this will be used in place of an Extractor based on KeyLookup.
	//
	// Optional. Default will create an Extractor based on KeyLookup.
	Extractor func(c fiber.Ctx) (string, error)
}

Config defines the config for middleware.

type Token

// Token groups a key, a raw byte value and an expiration time. The struct
// tags give the field names used when it is encoded as JSON.
// NOTE(review): this page does not say where Token is used — presumably it
// is the record the middleware keeps for an issued CSRF token; confirm. If
// so, treat the encoded form as sensitive wherever it is stored or logged.
type Token struct {
	Key        string    `json:"key"`
	Raw        []byte    `json:"raw"`
	Expiration time.Time `json:"expiration"`
}
