Documentation
¶
Overview ¶
Package memcachedstore provides a store.KV CSRF token backend built on the native celeris driver/memcached client. Drop-in rival to middleware/csrf/redisstore for deployments that prefer memcached.
Memcached has no atomic GETDEL. Single-use token validation (Config.SingleUseToken=true) falls back to a [Client.Gets] + [Client.CAS] zero-set sequence: Gets returns a CAS token, then we attempt a CAS-guarded Delete. Under concurrent single-use attempts, only one delete wins — the other observes CAS conflict and returns store.ErrNotFound, which is exactly the TOCTOU-safe behavior csrf.go already expects.
Index ¶
- type Options
- type Store
- func (s *Store) Delete(ctx context.Context, key string) error
- func (s *Store) Get(ctx context.Context, key string) ([]byte, error)
- func (s *Store) GetAndDelete(ctx context.Context, key string) ([]byte, error)
- func (s *Store) Set(ctx context.Context, key string, value []byte, ttl time.Duration) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Options ¶
type Options struct {
// KeyPrefix is prepended to every token key. Default: "csrf:".
KeyPrefix string
}
Options configure the memcached-backed CSRF store.
type Store ¶
type Store struct {
// contains filtered or unexported fields
}
Store is a store.KV + store.GetAndDeleter backed by memcached.
func (*Store) GetAndDelete ¶
GetAndDelete implements store.GetAndDeleter with CAS so concurrent single-use token redemptions cannot both observe success.
Flow: Gets → CAS a sentinel with the captured token + ttl=1s so the value visibly disappears shortly, then issue a best-effort Delete to free the slot immediately. If the CAS fails, another redemption won the race; we return store.ErrNotFound so the caller rejects the token as already-consumed (same semantic as a true atomic GETDEL).
Source Files