antixsrf: resenje.org/antixsrf Index | Files

package antixsrf

import "resenje.org/antixsrf"

Index

Package Files

antixsrf.go

Variables

var (
    // XSRFCookieName is an HTTP cookie name to store anti-XSRF token.
    XSRFCookieName = "secid"
    // XSRFHeaderName is an HTTP header name to check the token.
    XSRFHeaderName = "X-Secid"
    // XSRFFormFieldName is an HTTP form field name to check the token.
    XSRFFormFieldName = "secid"
)
var (
    ErrNoReferer      = newError("antixsrf: missing referer header")
    ErrInvalidReferer = newError("antixsrf: invalid referer header")
    ErrInvalidToken   = newError("antixsrf: invalid xsrf token")
    ErrMissingCookie  = newError("antixsrf: missing xsrf cookie")
    ErrMissingToken   = newError("antixsrf: missing xsrf token")
    ErrMissingHeader  = newError("antixsrf: missing xsrf header")
)

Errors related to invalid or missing anti-XSRF token value.

func Generate Uses

func Generate(w http.ResponseWriter, r *http.Request, opts ...GenerateOption)

Generate generates an anti-XSRF token and sets it as a cookie value.

func GenerateHandler Uses

func GenerateHandler(h http.Handler) http.Handler

GenerateHandler is a helper function that generates anti-XSRF cookie with default options inside a http handler middleware that can be chained with other http handlers.

func Verify Uses

func Verify(r *http.Request, opts ...VerifyOption) error

Verify check for a valid token in request Cookie, form field or header. It also checks if header "Referer" is present and that host values of the request and referrer are the same

type Error Uses

type Error struct {
    // contains filtered or unexported fields
}

Error is a generic error for this package.

func (*Error) Error Uses

func (e *Error) Error() string

type GenerateOption Uses

type GenerateOption func(*GenerateOptions)

GenerateOption sets parameters defined in GenerateOptions.

func WithGenerateCookieDomain Uses

func WithGenerateCookieDomain(domain string) GenerateOption

WithGenerateCookieDomain sets the cookie Domain.

func WithGenerateCookieMaxAge Uses

func WithGenerateCookieMaxAge(maxAge int) GenerateOption

WithGenerateCookieMaxAge sets the cookie max age value in seconds. Default is 0 which sets a session lived cookie.

func WithGenerateCookieName Uses

func WithGenerateCookieName(name string) GenerateOption

WithGenerateCookieName sets the cookie name that will be generated. Default is "secid".

func WithGenerateCookiePath Uses

func WithGenerateCookiePath(path string) GenerateOption

WithGenerateCookiePath sets the cookie path. Default is "/".

func WithGenerateForce Uses

func WithGenerateForce(force bool) GenerateOption

WithGenerateForce sets the new cookie with token even if it exists. Default is false.

type GenerateOptions Uses

type GenerateOptions struct {
    // contains filtered or unexported fields
}

GenerateOptions holds optional parameters for the Generate function.

type VerifyOption Uses

type VerifyOption func(*VerifyOptions)

VerifyOption sets parameters defined in VerifyOptions.

func WithVerifyCookieName Uses

func WithVerifyCookieName(name string) VerifyOption

WithVerifyCookieName sets the cookie name to check the token. Default is "secid".

func WithVerifyFormFieldName Uses

func WithVerifyFormFieldName(name string) VerifyOption

WithVerifyFormFieldName sets the HTTP form field name to check the token. Default is "secid".

func WithVerifyHeaderName Uses

func WithVerifyHeaderName(name string) VerifyOption

WithVerifyHeaderName sets the HTTP header name to check the token. Default is "X-Secid".

type VerifyOptions Uses

type VerifyOptions struct {
    // contains filtered or unexported fields
}

VerifyOptions holds optional parameters for the Generate function.

Package antixsrf imports 5 packages (graph) and is imported by 1 packages. Updated 2020-01-09. Refresh now. Tools for package owners.