Documentation ¶
Index ¶
- Constants
- Variables
- func CsrfFromCookie(param string) func(c *fiber.Ctx) (string, error)
- func CsrfFromForm(param string) func(c *fiber.Ctx) (string, error)
- func CsrfFromHeader(param string) func(c *fiber.Ctx) (string, error)
- func CsrfFromParam(param string) func(c *fiber.Ctx) (string, error)
- func CsrfFromQuery(param string) func(c *fiber.Ctx) (string, error)
- func New(config ...Config) fiber.Handler
- type CSRFHandler
- type Config
- type Token
Constants ¶
View Source
const HeaderName = "X-Csrf-Token"
Variables ¶
View Source
var ( ErrTokenNotFound = errors.New("csrf token not found") ErrTokenInvalid = errors.New("csrf token invalid") ErrNoReferer = errors.New("referer not supplied") ErrBadReferer = errors.New("referer invalid") )
View Source
var ( ErrMissingHeader = errors.New("missing csrf token in header") ErrMissingQuery = errors.New("missing csrf token in query") ErrMissingParam = errors.New("missing csrf token in param") ErrMissingForm = errors.New("missing csrf token in form") ErrMissingCookie = errors.New("missing csrf token in cookie") )
View Source
var ConfigDefault = Config{ KeyLookup: "header:" + HeaderName, CookieName: "csrf_", CookieSameSite: "Lax", Expiration: 1 * time.Hour, KeyGenerator: utils.UUIDv4, ErrorHandler: defaultErrorHandler, Extractor: CsrfFromHeader(HeaderName), SessionKey: "fiber.csrf.token", HandlerContextKey: "fiber.csrf.handler", }
ConfigDefault is the default config
Functions ¶
func CsrfFromCookie ¶ added in v2.37.0
csrfFromCookie returns a function that extracts token from the cookie header.
func CsrfFromForm ¶ added in v2.37.0
csrfFromForm returns a function that extracts a token from a multipart-form.
func CsrfFromHeader ¶ added in v2.37.0
csrfFromHeader returns a function that extracts token from the request header.
func CsrfFromParam ¶ added in v2.37.0
csrfFromParam returns a function that extracts token from the url param string.
func CsrfFromQuery ¶ added in v2.37.0
csrfFromQuery returns a function that extracts token from the query string.
Types ¶
type CSRFHandler ¶ added in v2.50.0
type CSRFHandler struct {
// contains filtered or unexported fields
}
func (*CSRFHandler) DeleteToken ¶ added in v2.50.0
func (handler *CSRFHandler) DeleteToken(c *fiber.Ctx) error
DeleteToken removes the token found in the context from the storage and expires the CSRF cookie
type Config ¶
type Config struct { // Next defines a function to skip this middleware when returned true. // // Optional. Default: nil Next func(c *fiber.Ctx) bool // KeyLookup is a string in the form of "<source>:<key>" that is used // to create an Extractor that extracts the token from the request. // Possible values: // - "header:<name>" // - "query:<name>" // - "param:<name>" // - "form:<name>" // - "cookie:<name>" // // Ignored if an Extractor is explicitly set. // // Optional. Default: "header:X-CSRF-Token" KeyLookup string // Name of the session cookie. This cookie will store session key. // Optional. Default value "csrf_". // Overridden if KeyLookup == "cookie:<name>" CookieName string // Domain of the CSRF cookie. // Optional. Default value "". CookieDomain string // Path of the CSRF cookie. // Optional. Default value "". CookiePath string // Indicates if CSRF cookie is secure. // Optional. Default value false. CookieSecure bool // Indicates if CSRF cookie is HTTP only. // Optional. Default value false. CookieHTTPOnly bool // Value of SameSite cookie. // Optional. Default value "Lax". CookieSameSite string // Decides whether cookie should last for only the browser sesison. // Ignores Expiration if set to true CookieSessionOnly bool // Expiration is the duration before csrf token will expire // // Optional. Default: 1 * time.Hour Expiration time.Duration // SingleUseToken indicates if the CSRF token be destroyed // and a new one generated on each use. // // Optional. Default: false SingleUseToken bool // Store is used to store the state of the middleware // // Optional. Default: memory.New() // Ignored if Session is set. Storage fiber.Storage // Session is used to store the state of the middleware // // Optional. Default: nil // If set, the middleware will use the session store instead of the storage Session *session.Store // SessionKey is the key used to store the token in the session // // Default: "fiber.csrf.token" SessionKey string // Context key to store generated CSRF token into context. // If left empty, token will not be stored in context. // // Optional. Default: "" ContextKey string // KeyGenerator creates a new CSRF token // // Optional. Default: utils.UUID KeyGenerator func() string // Deprecated: Please use Expiration CookieExpires time.Duration // Deprecated: Please use Cookie* related fields Cookie *fiber.Cookie // Deprecated: Please use KeyLookup TokenLookup string // ErrorHandler is executed when an error is returned from fiber.Handler. // // Optional. Default: DefaultErrorHandler ErrorHandler fiber.ErrorHandler // Extractor returns the csrf token // // If set this will be used in place of an Extractor based on KeyLookup. // // Optional. Default will create an Extractor based on KeyLookup. Extractor func(c *fiber.Ctx) (string, error) // HandlerContextKey is used to store the CSRF Handler into context // // Default: "fiber.csrf.handler" HandlerContextKey string }
Config defines the config for middleware.
Click to show internal directories.
Click to hide internal directories.