csrf

package
v0.9.10 Latest
Warning: This package is not in the latest version of its module.
Published: Feb 11, 2026 License: MIT Imports: 15 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	ErrTokenMissing = errors.New("CSRF token missing")
	ErrTokenInvalid = errors.New("CSRF token invalid")
	ErrTokenExpired = errors.New("CSRF token expired")
	ErrNoStore      = errors.New("no token store configured")
)

Functions

func CSRFField

func CSRFField(sessionID string) template.HTML

func CSRFMeta

func CSRFMeta(sessionID string) template.HTML

func CSRFToken

func CSRFToken(sessionID string) string

func GenerateToken

func GenerateToken() (string, error)

GenerateToken creates a cryptographically secure random token

func GetGlobalToken

func GetGlobalToken(sessionID string) (string, error)

func Middleware

func Middleware() router.MiddlewareFunc

func SetGlobalCSRF

func SetGlobalCSRF(csrf *CSRF)

func ValidateToken

func ValidateToken(token1, token2 string) bool

ValidateToken compares tokens using constant-time comparison to prevent timing attacks

Types

type CSRF

type CSRF struct {
	// contains filtered or unexported fields
}

CSRF provides CSRF protection functionality

func New

func New(config *Config) *CSRF

New creates a new CSRF instance with the given configuration

func (*CSRF) GetToken

func (c *CSRF) GetToken(sessionID string) (string, error)

GetToken retrieves or generates a token for the given session ID

func (*CSRF) Middleware

func (c *CSRF) Middleware(next http.Handler) http.Handler

Middleware returns HTTP middleware that validates CSRF tokens

func (*CSRF) RefreshHandler

func (c *CSRF) RefreshHandler() http.HandlerFunc

RefreshHandler returns a handler that generates and returns a new CSRF token

func (*CSRF) RouterMiddleware added in v0.9.5

func (c *CSRF) RouterMiddleware() router.MiddlewareFunc

RouterMiddleware returns a router.MiddlewareFunc that validates CSRF tokens. This is the instance-based alternative to the global Middleware() function.

type Config

type Config struct {
	// Token settings
	TokenLifetime     time.Duration
	HeaderName        string
	FormField         string
	CookieName        string
	SessionCookieName string // Name of the session cookie to read session ID from

	// Security settings
	SameSite  http.SameSite
	Secure    bool
	HTTPOnly  bool
	SingleUse bool

	// Storage strategy
	Store Store

	// Exception handling
	ExcludePaths []string
	ExcludeFunc  func(*http.Request) bool

	// Error handling
	ErrorTemplate string
	ErrorMessage  string
	ErrorHandler  func(http.ResponseWriter, *http.Request, error)
}

Config holds CSRF protection configuration

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig returns the default CSRF configuration

type Store

type Store interface {
	// Get retrieves a token for the given session/identifier
	Get(id string) (string, error)

	// Set stores a token for the given session/identifier
	Set(id string, token string) error

	// Delete removes a token
	Delete(id string) error

	// Exists checks if a token exists
	Exists(id string) bool
}

Store defines the interface for CSRF token storage
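
A minimal in-memory type with the four methods of the Store interface above, as an added example that is not the package's own code. The names MemoryStore and NewMemoryStore, the ttl field, and the local errMissing/errExpired values are assumptions; this page does not document how the middleware calls the store.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// Local stand-ins for the package's ErrTokenMissing and ErrTokenExpired.
var errMissing, errExpired = errors.New("CSRF token missing"), errors.New("CSRF token expired")

type entry struct{ token string; expires time.Time }

// MemoryStore (hypothetical name) has the four methods of the Store interface.
type MemoryStore struct {
	mu   sync.Mutex    // HTTP handlers reach the store concurrently
	ttl  time.Duration // assumed to be set from Config.TokenLifetime
	data map[string]entry
}

func NewMemoryStore(ttl time.Duration) *MemoryStore { return &MemoryStore{ttl: ttl, data: map[string]entry{}} }

func (s *MemoryStore) Get(id string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.data[id]
	if !ok {
		return "", errMissing
	}
	if !time.Now().Before(e.expires) {
		delete(s.data, id) // evict on read so an expired token can never validate
		return "", errExpired
	}
	return e.token, nil
}
func (s *MemoryStore) Set(id, token string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.data[id] = entry{token, time.Now().Add(s.ttl)}
	return nil
}
func (s *MemoryStore) Delete(id string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.data, id)
	return nil
}
func (s *MemoryStore) Exists(id string) bool { _, err := s.Get(id); return err == nil }
func main() { fmt.Println(NewMemoryStore(time.Hour).Exists("none")) }
```

Exists goes through Get, so a token past its lifetime is reported as absent rather than lingering until the next write.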
