csrf

package
v3.10.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 2, 2018 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Index

Constants

View Source
const CSRFKey = "csrf"

Variables

This section is empty.

Functions

This section is empty.

Types

type CSRF

type CSRF interface {
	// Generate returns a CSRF token suitable for inclusion in a form
	Generate(http.ResponseWriter, *http.Request) (string, error)
	// Check returns true if the given token is valid for the given request
	Check(*http.Request, string) (bool, error)
}

CSRF handles generating a csrf value, and checking the submitted value

func NewCookieCSRF

func NewCookieCSRF(name, path, domain string, secure, httponly bool) CSRF

NewCookieCSRF stores random CSRF tokens in a cookie created with the given options. Empty CSRF tokens or tokens that do not match the value of the cookie on the request are rejected.

func NewEmptyCSRF

func NewEmptyCSRF() CSRF

NewEmptyCSRF returns a CSRF object which generates empty CSRF tokens, and accepts any token as valid

func NewSessionCSRF

func NewSessionCSRF(store session.Store, name string) CSRF

NewSessionCSRF stores CSRF tokens in a session with the given name. Empty CSRF tokens or tokens that do not match the value in the session are rejected.

type FakeCSRF

type FakeCSRF struct {
	Token string
	Err   error
}

FakeCSRF returns the given token and error for testing purposes

func (*FakeCSRF) Check

func (c *FakeCSRF) Check(req *http.Request, value string) (bool, error)

Check implements the CSRF interface

func (*FakeCSRF) Generate

func (c *FakeCSRF) Generate(w http.ResponseWriter, req *http.Request) (string, error)

Generate implements the CSRF interface

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL