webauth

package
v3.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 10, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckCSRFToken

func CheckCSRFToken(r *http.Request, newTokenLength int) (http.Cookie, error)

CheckCSRFToken compares the value of the CSRF cookie against the value of the CSRF header and returns an error if there is a mismatch. A new CSRF cookie is returned if generation is successful. CSRF tokens must be provided in the "__Host-rokwire-csrf-token" cookie and "Rokwire-Csrf-Token" header.

func CheckOrigin

func CheckOrigin(r *http.Request, requiredOrigin string) error

CheckOrigin verifies that the "Origin" header in r matches requiredOrigin. Used by web applications for CSRF protection.

requiredOrigin should be the full origin of the calling application (i.e., <scheme>://<hostname>:<port>). <port> is optional, but the default port for the requested service is used if not given.

func GetRefreshToken

func GetRefreshToken(r *http.Request, newCSRFTokenLength int) (string, http.Cookie, error)

GetRefreshToken retrieves refresh and CSRF tokens from the request headers and/or cookies. The refresh token is returned if the CSRF tokens match. A new CSRF cookie is returned if generation is successful. Refresh tokens must be provided in the "__Host-rokwire-refresh-token" cookie.

func NewCSRFCookie

func NewCSRFCookie(tokenLength int) (http.Cookie, error)

NewCSRFCookie returns a new "__Host-rokwire-csrf-token" session cookie. This should be used by web applications to send CSRF tokens to a browser.

func NewRefreshCookie

func NewRefreshCookie(token string, lifetime time.Duration, delete bool) (*http.Cookie, error)

NewRefreshCookie returns a new "__Host-rokwire-refresh-token" cookie with the given lifetime and the given token as its value. The cookie is set to be immediately deleted if delete is true. This should be used by web applications to send refresh tokens to a browser.

func SetupCORS

func SetupCORS(allowedOrigins []string, customHeaders []string, router http.Handler) http.Handler

SetupCORS sets up a new CORS handler for router using the given allowedOrigins and customHeaders. Used by building blocks to disallow requests from not allowed origins in web browsers.

"X-Requested-With", "Content-Type", "Authorization", and "Origin" headers are allowed for cross domain requests by default.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL