csrf

Documentation

Index

• Variables
• func Check(ctx context.Context, maskedCmp []byte) error
• func IsNew(ctx context.Context) bool
• func MaskedToken(ctx context.Context) []byte
• func RenewToken(ctx context.Context) error
• func SetToken(ctx context.Context, masked []byte) (context.Context, error)

Variables

var (
	ErrEmptyToken   = errors.New("empty CSRF token")
	ErrInvalidToken = errors.New("invalid CSRF token")
)

Functions

func Check

func Check(ctx context.Context, maskedCmp []byte) error

Check accepts a masked token to compare with the one on the given context. If the tokens match then it returns nil.

func IsNew

func IsNew(ctx context.Context) bool

IsNew returns true if the CSRF data on the given context has either been newly created or renewed.

func MaskedToken

func MaskedToken(ctx context.Context) []byte

MaskedToken returns the CSRF token on the given context but masks it using a one time pad every time it's called.

This means that the token returned will look different every time the function is called, but will produce the same value when XOR'ed with the key, which is prepended to the data as the first half of the byte slice.

This is purely to help mitigate against things like the BREACH attack and a new CSRF token should still be generated on events like auth changes.

func RenewToken

func RenewToken(ctx context.Context) error

RenewToken generates a new CSRF token and replaces it on the given context.

func SetToken

func SetToken(ctx context.Context, masked []byte) (context.Context, error)

SetToken accepts a masked CSRF token to set on the given context. If no token is provided then a new one is automatically generated and used instead.