README
¶
CSRF 预防跨站请求伪造组件
一个简单的基于Cookie的预防跨站请求伪造组件
配置说明
#TOML版本,其他版本可以根据对应格式配置
#回传csrf token的Cookie名。默认值为herb-csrf-token
CookieName="herb-csrf-token".
#回传csrf token的Cookie名路径。默认值为/
CookiePath="/"
#接受并验证csrf token的头字段。默认为"X-CSRF-TOKEN"
HeaderName="X-CSRF-TOKEN"
#接受并验证csrf token的表单字段。默认为"X-CSRF-TOKEN"
FormField="X-CSRF-TOKEN"
#失败时返回的响应状态码。默认值为400.
FailStatus=400
#中间件是否起效。默认值为false
Enabled=true
#验证失败时添加的响应头
FailHeader="csrffail"
#验证失败时添加的响应头的值
FailValue="failed"
使用说明
c:=csrf.New()
config:=&csrf.Config{}
err=toml.Unmarshal(data,config)
config.ApplyTo(csrfmiddleware)
app.Use(c.ServeVerifyHeaderMiddleware)
app.Use(c.ServeVerifyFormMiddleware)
Documentation
¶
Overview ¶
Package csrf provide csrf prevent middleware.
Index ¶
- func DefaultTokenGenerater() (string, error)
- type Config
- type ContextKey
- type Csrf
- func (csrf *Csrf) CsrfInput(w http.ResponseWriter, r *http.Request) (string, error)
- func (csrf *Csrf) ServeSetCsrfTokenMiddleware(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
- func (csrf *Csrf) ServeVerifyFormMiddleware(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
- func (csrf *Csrf) ServeVerifyHeaderMiddleware(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
- func (csrf *Csrf) SetCsrfToken(w http.ResponseWriter, r *http.Request) error
- func (csrf *Csrf) Verify(r *http.Request, token string) (bool, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultTokenGenerater ¶
DefaultTokenGenerater default csrf token generater. Return current timestamp string and any error if raised.
Types ¶
type Config ¶
type Config struct {
CookieName string //Name of cookie which the token stored in.Default value is "herb-csrf-token".
CookiePath string //Path of cookie the token stored in.Default value is "/".
HeaderName string //Name of Header which the token stroed in.Default value is "X-CSRF-TOKEN".
FormField string //Field name of post form which the token stroed in.Default value is "X-CSRF-TOKEN".
FailStatus int //Http status code returned when csrf verify failed.Default value is http.StatusBadRequest (int 400).
Enabled bool //Enabled if this middleware if enabled.
FailHeader string //FailedHeader resoponse header field send when failed
FailValue string //FailedValue resoponse header value send when failed
}
Config csrf config struct
type Csrf ¶
type Csrf struct {
CookieName string //Name of cookie which the token stored in.Default value is "herb-csrf-token".
CookiePath string //Path of cookie the token stored in.Default value is "/".
HeaderName string //Name of Header which the token stroed in.Default value is "X-CSRF-TOKEN".
FormField string //Field name of post form which the token stroed in.Default value is "X-CSRF-TOKEN".
FailStatus int //Http status code returned when csrf verify failed.Default value is http.StatusBadRequest (int 400).
RequestContextKey ContextKey //Context key of requst which token stored in.Default value is csrf.ContextKey("herb-csrf-token").
Enabled bool //Enabled if this middleware if enabled.
FailHeader string //FailedHeader resoponse header field send when failed
FailValue string //FailedValue resoponse header value send when failed
TokenGenerater func() (string, error) //TokenGenerater func to create csrf token.
}
Csrf is the components provide csrf function. You can use Csrf.SetCsrfTokenMiddleware,Csrf.VerifyFormMiddleware,Csrf.VerifyHeaderMiddleware or Csrf.CsrfInput to protected your web app. All value can be change after creation.
func (*Csrf) ServeSetCsrfTokenMiddleware ¶
func (csrf *Csrf) ServeSetCsrfTokenMiddleware(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
ServeSetCsrfTokenMiddleware The middleware set a random token in cookie which is used in later verification if the cookie does not exist.
func (*Csrf) ServeVerifyFormMiddleware ¶
func (csrf *Csrf) ServeVerifyFormMiddleware(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
ServeVerifyFormMiddleware The middleware check if the token in post form is equal to token value save in cookie
func (*Csrf) ServeVerifyHeaderMiddleware ¶
func (csrf *Csrf) ServeVerifyHeaderMiddleware(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
ServeVerifyHeaderMiddleware The middleware check if the token in post form is equal to token value save in cookie
func (*Csrf) SetCsrfToken ¶
SetCsrfToken set a random token in cookie which is used in later verification if the cookie does not exist.
Source Files