csrf

package
v1.2.15 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 29, 2024 License: MIT Imports: 7 Imported by: 0

Documentation


Constants

const HeaderName = "X-Csrf-Token"

HeaderName is the default header name used to extract the token.

Variables

var (
	// ErrMissingHeader is returned when the token is missing from the request.
	ErrMissingHeader = fiber.NewError(fiber.StatusForbidden, "missing csrf token in header")
	// ErrTokenNotFound is returned when the token is not found in the session.
	ErrTokenNotFound = fiber.NewError(fiber.StatusForbidden, "csrf token not found in session")
	// ErrMissingSession is returned when the session is missing from the context.
	ErrMissingSession = fiber.NewError(fiber.StatusForbidden, "missing session in context")
	// ErrGenerateToken is returned when the token generator returns an error.
	ErrGenerateToken = fiber.NewError(fiber.StatusForbidden, "failed to generate csrf token")
	// ErrMissingToken is returned when the token is missing from the request.
	ErrMissingToken = fiber.NewError(fiber.StatusForbidden, "missing csrf token in request")
)

var ConfigDefault = Config{
	IdleTimeout:    30 * time.Minute,
	ErrorHandler:   defaultErrorHandler,
	Extractor:      FromHeader(HeaderName),
	TokenGenerator: DefaultCsrfTokenGenerator,
	IgnoredMethods: []string{fiber.MethodGet, fiber.MethodHead, fiber.MethodOptions, fiber.MethodTrace},
}

ConfigDefault is the default config.

Functions

func CsrfTokenFromContext

func CsrfTokenFromContext(c *fiber.Ctx) (string, error)

CsrfTokenFromContext returns the CSRF token from the context.

func DefaultCsrfTokenGenerator

func DefaultCsrfTokenGenerator() (string, error)

DefaultCsrfTokenGenerator generates a new CSRF token.

func FromForm

func FromForm(param string) func(c *fiber.Ctx) (string, error)

FromForm returns a function that extracts token from the request form.

func FromHeader

func FromHeader(param string) func(c *fiber.Ctx) (string, error)

FromHeader returns a function that extracts token from the request header.

func FromParam

func FromParam(param string) func(c *fiber.Ctx) (string, error)

FromParam returns a function that extracts token from the request query parameter.

func FromQuery

func FromQuery(param string) func(c *fiber.Ctx) (string, error)

FromQuery returns a function that extracts token from the request query parameter.

func New

func New(config ...Config) fiber.Handler

New creates a new csrf middleware.

Types

type Config

type Config struct {
	// Next defines a function to skip this middleware when returned true.
	Next func(c *fiber.Ctx) bool

	// Adapter is the adapter used to store the session.
	Adapter adapters.Adapter

	// IgnoredMethods is a list of methods to ignore from CSRF protection.
	// Optional. Default: []string{fiber.MethodGet, fiber.MethodHead, fiber.MethodOptions, fiber.MethodTrace}
	IgnoredMethods []string

	// ErrorHandler is executed when an error is returned from fiber.Handler.
	//
	// Optional. Default: DefaultErrorHandler
	ErrorHandler fiber.ErrorHandler

	// Extractor is the function used to extract the token from the request.
	Extractor func(c *fiber.Ctx) (string, error)

	// TrustedOrigins is a list of origins that are allowed to set the cookie.
	TrustedOrigins []string

	// IdleTimeout is the duration of time before the session expires.
	IdleTimeout time.Duration

	// TokenGenerator is a function that generates a CSRF token.
	TokenGenerator CsrfTokenGenerator
}

Config defines the config for csrf middleware.

type CsrfTokenGenerator

type CsrfTokenGenerator func() (string, error)

CsrfTokenGenerator is a function that generates a CSRF token.
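
As an added illustration (not code from this package, whose internals are not shown on this page), the stdlib-only Go sketch below pairs a generator of the `func() (string, error)` shape with a check that applies the defaults listed above: skip the ignored methods, require the header token, and expire the stored token after the idle timeout. The names `newToken`, `entry` and `check`, the mismatch message, and the constant-time comparison are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

// Hypothetical names; only the func() (string, error) shape and the default
// header, idle timeout and ignored methods come from the page.
// newToken: 32 bytes from the OS CSPRNG, URL-safe base64.
func newToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// entry is what a session store would keep per session.
type entry struct{ token string; lastSeen time.Time }

var ignored = map[string]bool{"GET": true, "HEAD": true, "OPTIONS": true, "TRACE": true}

// check takes the X-Csrf-Token header value and the session's entry (nil if none).
func check(method, presented string, e *entry, idle time.Duration, now time.Time) error {
	if ignored[method] {
		return nil // safe methods skip validation
	}
	if presented == "" {
		return errors.New("missing csrf token in header")
	}
	if e == nil || now.Sub(e.lastSeen) > idle {
		return errors.New("csrf token not found in session")
	}
	if subtle.ConstantTimeCompare([]byte(presented), []byte(e.token)) != 1 {
		return errors.New("csrf token mismatch") // constructed message
	}
	e.lastSeen = now // activity resets the idle timer
	return nil
}

func main() {
	tok, err := newToken()
	fmt.Println(err, check("POST", tok, &entry{tok, time.Now()}, 30*time.Minute, time.Now()))
}
```

A generator that draws from a non-cryptographic source such as `math/rand` would satisfy the same type but produce guessable tokens, so a custom `TokenGenerator` should keep the CSPRNG.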
