atreugo_csrf

package module
v0.0.0-...-4f23c5e

This package is not in the latest version of its module.
Published: Apr 24, 2021 License: MIT Imports: 5 Imported by: 0

README

atreugo-csrf

atreugo-csrf is a CSRF middleware library for atreugo

Usage

Default settings (using form validation)

package main

import (
	"github.com/savsgio/atreugo/v11"
	csrf "github.com/YuzuRyo61/atreugo-csrf"
)

func main() {
	s := atreugo.New(atreugo.Config{
		Addr: "127.0.0.1:8080",
	})
	s.UseBefore(csrf.CSRF)
	s.GET("/", func(ctx *atreugo.RequestCtx) error {
		return ctx.HTTPResponse("GET")
	})
	s.POST("/", func(ctx *atreugo.RequestCtx) error {
		return ctx.HTTPResponse("POST")
	})

	if err := s.ListenAndServe(); err != nil {
		panic(err)
	}
}

Custom settings (for example, using header validation)

package main

import (
	"github.com/savsgio/atreugo/v11"
	csrf "github.com/YuzuRyo61/atreugo-csrf"
)

func main() {
	s := atreugo.New(atreugo.Config{
		Addr: "127.0.0.1:8080",
	})

	csrfConfig := &csrf.CSRFConfig{
		CookieSecure:     false,
		CookieHttpOnly:   false,
		HeaderName:       "X-CSRF-TOKEN",
		ValidationMethod: "header",
	}

	s.UseBefore(csrf.CSRFWithConfig(csrfConfig))
	s.GET("/", func(ctx *atreugo.RequestCtx) error {
		return ctx.HTTPResponse("GET")
	})
	s.POST("/", func(ctx *atreugo.RequestCtx) error {
		return ctx.HTTPResponse("POST")
	})

	if err := s.ListenAndServe(); err != nil {
		panic(err)
	}
}

Detailed settings are described in the reference below.
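To make the behaviour behind both usage examples (and the CSRFConfig defaults documented below) concrete, here is an added, independent sketch of the cookie-based CSRF check that such a middleware performs. It is not atreugo-csrf's own code and uses only the standard library, so it runs without the atreugo dependency. It assumes the double-submit pattern: a random token is stored in a cookie on safe requests, and on unsafe requests the same token must arrive in the form field (`ValidationMethod: "form"`) or the header (`ValidationMethod: "header"`). The status codes 400 ("CSRF not defined") and 403 ("Invalid CSRF token") follow DefaultCSRFConfig; the hex encoding of the token, the SameSite=Lax attribute, and the exact safe-method list are this sketch's own choices.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Config mirrors the CSRFConfig fields this sketch needs (hypothetical
// re-implementation, not the atreugo-csrf type).
type Config struct {
	TokenLength      int
	CookieName       string
	HeaderName       string
	FormName         string
	ValidationMethod string // "form" or "header"
	CookieSecure     bool
	CookieHttpOnly   bool
	CookieMaxAge     int // seconds
}

// defaultConfig reproduces the values of DefaultCSRFConfig from the page.
var defaultConfig = Config{
	TokenLength: 32, CookieName: "_csrf", HeaderName: "X-CSRF-TOKEN",
	FormName: "_csrf", ValidationMethod: "form",
	CookieSecure: true, CookieHttpOnly: true, CookieMaxAge: 60 * 60 * 24,
}

// newToken returns n bytes from crypto/rand, hex encoded (encoding assumed).
func newToken(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// tokensMatch rejects an empty submission and compares in constant time so
// response timing does not leak the cookie token.
func tokensMatch(cookieToken, submitted string) bool {
	return submitted != "" &&
		subtle.ConstantTimeCompare([]byte(cookieToken), []byte(submitted)) == 1
}

// submittedToken reads the token from the header or the form field per cfg.
func submittedToken(cfg Config, r *http.Request) string {
	if cfg.ValidationMethod == "header" {
		return r.Header.Get(cfg.HeaderName)
	}
	return r.PostFormValue(cfg.FormName)
}

func isSafeMethod(m string) bool {
	return m == http.MethodGet || m == http.MethodHead || m == http.MethodOptions
}

// csrfMiddleware mints the cookie on safe requests and enforces it on others.
func csrfMiddleware(cfg Config, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie(cfg.CookieName)
		if isSafeMethod(r.Method) {
			if err != nil { // no token yet: issue one
				tok, genErr := newToken(cfg.TokenLength)
				if genErr != nil {
					http.Error(w, "token generation failed", http.StatusInternalServerError)
					return
				}
				http.SetCookie(w, &http.Cookie{
					Name: cfg.CookieName, Value: tok, Path: "/", MaxAge: cfg.CookieMaxAge,
					Secure: cfg.CookieSecure, HttpOnly: cfg.CookieHttpOnly,
					SameSite: http.SameSiteLaxMode, // assumed, not from the page
				})
			}
			next.ServeHTTP(w, r)
			return
		}
		if err != nil {
			http.Error(w, "CSRF not defined", http.StatusBadRequest) // 400, as in DefaultCSRFConfig
			return
		}
		if !tokensMatch(c.Value, submittedToken(cfg, r)) {
			http.Error(w, "Invalid CSRF token", http.StatusForbidden) // 403, as in DefaultCSRFConfig
			return
		}
		next.ServeHTTP(w, r)
	})
}

// exercise sends one constructed POST through the middleware and returns the
// status code, so the three outcomes can be checked without a listener.
func exercise(cfg Config, cookie, submitted string) int {
	h := csrfMiddleware(cfg, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "POST")
	}))
	var req *http.Request
	if cfg.ValidationMethod == "header" {
		req = httptest.NewRequest(http.MethodPost, "/", nil)
		req.Header.Set(cfg.HeaderName, submitted)
	} else {
		body := url.Values{cfg.FormName: {submitted}}.Encode()
		req = httptest.NewRequest(http.MethodPost, "/", strings.NewReader(body))
		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	}
	if cookie != "" {
		req.AddCookie(&http.Cookie{Name: cfg.CookieName, Value: cookie})
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(exercise(defaultConfig, "tok", "tok")) // 200: cookie and form field agree
	fmt.Println(exercise(defaultConfig, "tok", "bad")) // 403: token mismatch
	fmt.Println(exercise(defaultConfig, "", "tok"))    // 400: no CSRF cookie on the request
}
```

The check is only as strong as the cookie: with `CookieSecure` off, as in the header example above, the token travels in clear text over HTTP, which is why the reference recommends keeping it enabled in production.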

License

MIT License

Documentation

Overview

Package atreugo_csrf is a CSRF middleware library for atreugo

Index

Constants

const (
	DefaultCSRFTokenHeader  = "X-CSRF-TOKEN"
	DefaultCookieName       = "_csrf"
	DefaultFormName         = "_csrf"
	DefaultValidationMethod = "form"
	DefaultContextKey       = "csrf"
)

Variables

var (
	// DefaultCSRFConfig is default configuration of atreugo-csrf
	DefaultCSRFConfig = CSRFConfig{
		TokenLength:      32,
		CookieSecure:     true,
		CookieHttpOnly:   true,
		CookieMaxAge:     60 * 60 * 24,
		CookieName:       DefaultCookieName,
		HeaderName:       DefaultCSRFTokenHeader,
		ValidationMethod: DefaultValidationMethod,
		ContextKey:       DefaultContextKey,
		FormName:         DefaultFormName,
		NotDefinedView: func(ctx *atreugo.RequestCtx) error {
			return ctx.TextResponse("CSRF not defined", 400)
		},
		InvalidView: func(ctx *atreugo.RequestCtx) error {
			return ctx.TextResponse("Invalid CSRF token", 403)
		},
	}
)

Functions

func CSRF

func CSRF(ctx *atreugo.RequestCtx) error

CSRF is the middleware function with the default settings, registered on an atreugo server. Be sure to apply this middleware with `UseBefore`.

func CSRFWithConfig

func CSRFWithConfig(config *CSRFConfig) func(ctx *atreugo.RequestCtx) error

CSRFWithConfig returns the middleware function for custom settings, registered on an atreugo server. Be sure to apply this middleware with `UseBefore`.

Types

type CSRFConfig

type CSRFConfig struct {
	// Specifies the length of the token. The default is 32.
	TokenLength uint8

	// Sets the Secure flag on the CSRF cookie so it is sent only over encrypted (HTTPS) connections.
	// We recommend that you keep this setting enabled in a production environment.
	CookieSecure bool

	// Sets the CSRF cookie to HttpOnly (not readable by JavaScript).
	CookieHttpOnly bool

	// Specifies the name of the cookie that stores the CSRF token.
	CookieName string

	// Specifies the lifetime of the CSRF token cookie (Max-Age).
	CookieMaxAge uint

	// Specifies the Path attribute of the CSRF token cookie.
	CookiePath string

	// Specifies the Domain attribute of the CSRF token cookie.
	CookieDomain string

	// Specifies the header name used when validating with an HTTP header.
	HeaderName string

	// Specifies the validation method.
	// Specify "form" when validating with a form field, and "header" when validating with a header.
	// If in doubt, use "form", which is the default.
	ValidationMethod string

	// Specifies the key name under which the token is saved in the request context.
	ContextKey string

	// Specifies the form field name that carries the token when validating with a form.
	FormName string

	// Specifies a custom view for when no CSRF token is set.
	NotDefinedView atreugo.View

	// Specifies a custom view for when CSRF token validation fails.
	InvalidView atreugo.View
}
