anticsrf

package

v0.12.0 Latest Latest Go to latest Published: Dec 2, 2018 License: MIT Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/go-aah/aah

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func IsSafeHTTPMethod(method string) bool
func IsSameOrigin(a, b *url.URL) bool
type AntiCSRF
- func New(cfg *config.Config) (*AntiCSRF, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrNoReferer        = errors.New("security/anticsrf: no referer")
	ErrMalformedReferer = errors.New("security/anticsrf: malformed referer")
	ErrBadReferer       = errors.New("security/anticsrf: bad referer")
	ErrNoCookieFound    = errors.New("security/anticsrf: no cookie found")
)

Anti-CSRF errors

Functions ¶

func IsSafeHTTPMethod ¶

func IsSafeHTTPMethod(method string) bool

IsSafeHTTPMethod method returns true if matches otherwise false. Safe methods per defined in https://tools.ietf.org/html/rfc7231#section-4.2.1

func IsSameOrigin ¶

func IsSameOrigin(a, b *url.URL) bool

IsSameOrigin method is to check same origin i.e. scheme, host and port. Returns true if matches otherwise false.

Types ¶

type AntiCSRF ¶

type AntiCSRF struct {
	Enabled bool
	// contains filtered or unexported fields
}

AntiCSRF struct hold the implementation of Anti CSRF (aka XSRF) protection.

func New ¶

func New(cfg *config.Config) (*AntiCSRF, error)

New method initializes the Anti-CSRF based on security configuration.

func (*AntiCSRF) CipherSecret ¶

func (ac *AntiCSRF) CipherSecret(r *ahttp.Request) []byte

CipherSecret method returns the Anti-CSRF secert from the cookie if not available generates new secret.

func (*AntiCSRF) ClearCookie ¶

func (ac *AntiCSRF) ClearCookie(w http.ResponseWriter, r *ahttp.Request)

ClearCookie method is to clear Anti-CSRF cookie when disabled.

func (*AntiCSRF) GenerateSecret ¶

func (ac *AntiCSRF) GenerateSecret() []byte

GenerateSecret method generates new secure secret by configured length.

func (*AntiCSRF) IsAuthentic ¶

func (ac *AntiCSRF) IsAuthentic(secret, requestSecret []byte) bool

IsAuthentic method compares the given secret and request secret.

func (*AntiCSRF) RequestCipherSecret ¶

func (ac *AntiCSRF) RequestCipherSecret(r *ahttp.Request) []byte

RequestCipherSecret method returns aah request secret (aka anti-csrf token) from the request. The order of secret retrival is HTTP Header, Form (Regular and Multipart).

func (*AntiCSRF) SaltCipherSecret ¶

func (ac *AntiCSRF) SaltCipherSecret(secret []byte) string

SaltCipherSecret method returns salted chiper secret.

func (*AntiCSRF) SetCookie ¶

func (ac *AntiCSRF) SetCookie(w http.ResponseWriter, secret []byte) error

SetCookie method write/refresh the Anti-CSRF cookie value and expriy.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL