fastcsrf

package module
v0.0.0-...-98499f6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 13, 2020 License: MIT Imports: 6 Imported by: 0

README

Fast CSRF


Fast CSRF is a port of Echo's CSRF middleware for the fasthttp library.

Usage

package main

import (
	"log"

	"github.com/brunvieira/fastcsrf"
	"github.com/valyala/fasthttp"
)

// testStatusOk is a minimal request handler that answers every request with
// 200 OK. It is the handler the CSRF middleware wraps in the examples below.
func testStatusOk(ctx *fasthttp.RequestCtx) {
	ctx.Response.SetStatusCode(fasthttp.StatusOK)
}
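// main starts two example servers: one wrapped by the CSRF middleware with
// its default settings, and one wrapped by a custom configuration.
func main() {
	// Use with default values. ListenAndServe blocks until the server stops,
	// so this listener runs in its own goroutine; otherwise the custom-config
	// server below would never start. A failed listener is logged and ends
	// the process.
	go func() {
		log.Fatal(fasthttp.ListenAndServe(":8080", fastcsrf.CSRF(testStatusOk)))
	}()

	// Use with custom config.
	// NOTE(review): fields not assigned here (e.g. ContextKey) keep their zero
	// values unless CSRFWithConfig fills in defaults — confirm in the package.
	config := fastcsrf.CSRFConfig{}
	config.TokenLength = 64
	// Look for the csrfToken field in the POST/PUT form. See the CSRFConfig
	// docs for the other lookup sources.
	config.TokenLookup = "form:csrfToken"
	config.CookieName = "fastcsrf"
	config.CookieDomain = "github.com"
	config.CookiePath = "/brunvieira"
	// CookieMaxAge is documented in seconds; 24 hours is 24 * 60 * 60.
	config.CookieMaxAge = 24 * 60 * 60
	// Only send the CSRF cookie over HTTPS.
	config.CookieSecure = true
	// Keep the CSRF cookie unreadable from page scripts.
	config.CookieHTTPOnly = true

	// Pass the config built above to the middleware and report a listener
	// failure instead of discarding the returned error.
	log.Fatal(fasthttp.ListenAndServe(":8081", fastcsrf.CSRFWithConfig(config)(testStatusOk)))
}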

License

MIT

Documentation

Index

Constants

const (
	// DefaultTokenLookup is the key `X-CSRF-TOKEN`; DefaultCSRFConfig prefixes
	// it with "header:" to form the default token lookup.
	DefaultTokenLookup = "X-CSRF-TOKEN"

	// CSRFTokenNotFound is the error message for a token that was not found.
	CSRFTokenNotFound = "CSRF Token not found"

	// InvalidCSRFToken is the error message for an invalid CSRF token.
	InvalidCSRFToken = "Invalid token"
)

Variables

// DefaultCSRFConfig is the default CSRF middleware config.
//
// CookieDomain, CookiePath, CookieSecure and CookieHTTPOnly are not set here
// and therefore keep their zero values, so the default cookie is neither
// Secure nor HTTP-only.
var DefaultCSRFConfig = CSRFConfig{
	CookieName:   "_csrf",
	CookieMaxAge: 86400, // seconds (24h)
	ContextKey:   "csrf",
	TokenLookup:  "header:" + DefaultTokenLookup,
	TokenLength:  32,
}

Functions

func CSRF

CSRF returns a Cross-Site Request Forgery (CSRF) middleware. See: https://en.wikipedia.org/wiki/Cross-site_request_forgery

func CSRFWithConfig

func CSRFWithConfig(config CSRFConfig) func(fasthttp.RequestHandler) fasthttp.RequestHandler

CSRFWithConfig returns a CSRF middleware with config. See `CSRF(fasthttp.RequestHandler)`.

Types

type CSRFConfig

// CSRFConfig defines the config for CSRF middleware.
// The struct has no field for the cookie's SameSite attribute.
type CSRFConfig struct {
	// TokenLength is the configured token length; DefaultCSRFConfig sets 32.
	// NOTE(review): presumably the length of the generated token — confirm the
	// unit (bytes vs. characters) against the generator. As a uint8 it cannot
	// exceed 255.
	TokenLength uint8 `yaml:"token_length"`

	// TokenLookup is a string in the form of "<source>:<key>" that is used
	// to extract token from the request.
	// Optional. Default value "header:X-CSRF-TOKEN" (see DefaultCSRFConfig).
	// Possible values:
	// - "header:<name>"
	// - "form:<name>"
	// - "query:<name>"
	// A token carried in the query string is part of the URL, so it can end up
	// in access logs, browser history and Referer headers; prefer the header
	// or form source where possible.
	TokenLookup string `yaml:"token_lookup"`

	// Context key to store generated CSRF token into context.
	// Optional. Default value "csrf".
	ContextKey string `yaml:"context_key"`

	// Name of the CSRF cookie. This cookie will store CSRF token.
	// Optional. DefaultCSRFConfig sets "_csrf".
	CookieName string `yaml:"cookie_name"`

	// Domain of the CSRF cookie.
	// Optional. Default value none.
	CookieDomain string `yaml:"cookie_domain"`

	// Path of the CSRF cookie.
	// Optional. Default value none.
	CookiePath string `yaml:"cookie_path"`

	// Max age (in seconds) of the CSRF cookie.
	// Optional. Default value 86400 (24hr).
	CookieMaxAge int `yaml:"cookie_max_age"`

	// Indicates if CSRF cookie is secure.
	// Optional. Default value false.
	// A cookie without the Secure attribute is also sent over plain HTTP;
	// set this to true for sites served over HTTPS.
	CookieSecure bool `yaml:"cookie_secure"`

	// Indicates if CSRF cookie is HTTP only.
	// Optional. Default value false.
	// An HTTP-only cookie cannot be read by page scripts.
	// NOTE(review): a client that copies the token from the cookie into a
	// header cannot do so with this set; it would need the token handed over
	// some other way, e.g. from the value stored under ContextKey — confirm.
	CookieHTTPOnly bool `yaml:"cookie_http_only"`
}

CSRFConfig defines the config for CSRF middleware
