anticsrf

package
v0.10.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 30, 2018 License: MIT Imports: 11 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrNoReferer        = errors.New("security/anticsrf: no referer")
	ErrMalformedReferer = errors.New("security/anticsrf: malformed referer")
	ErrBadReferer       = errors.New("security/anticsrf: bad referer")
	ErrNoCookieFound    = errors.New("security/anticsrf: no cookie found")
)

Anti-CSRF errors

Functions

func IsSafeHTTPMethod

func IsSafeHTTPMethod(method string) bool

IsSafeHTTPMethod method returns true if matches otherwise false. Safe methods per defined in https://tools.ietf.org/html/rfc7231#section-4.2.1

func IsSameOrigin

func IsSameOrigin(a, b *url.URL) bool

IsSameOrigin method is to check same origin i.e. scheme, host and port. Returns true if matches otherwise false.

Types

type AntiCSRF

type AntiCSRF struct {
	Enabled bool
	// contains filtered or unexported fields
}

AntiCSRF struct hold the implementation of Anti CSRF (aka XSRF) protection.

func New

func New(cfg *config.Config) (*AntiCSRF, error)

New method initializes the Anti-CSRF based on security configuration.

func (*AntiCSRF) CipherSecret

func (ac *AntiCSRF) CipherSecret(r *ahttp.Request) []byte

CipherSecret method returns the Anti-CSRF secert from the cookie if not available generates new secret.

func (*AntiCSRF) ClearCookie

func (ac *AntiCSRF) ClearCookie(w http.ResponseWriter, r *ahttp.Request)

ClearCookie method is to clear Anti-CSRF cookie when disabled.

func (*AntiCSRF) GenerateSecret

func (ac *AntiCSRF) GenerateSecret() []byte

GenerateSecret method generates new secure secret by configured length.

func (*AntiCSRF) IsAuthentic

func (ac *AntiCSRF) IsAuthentic(secret, requestSecret []byte) bool

IsAuthentic method compares the given secret and request secret.

func (*AntiCSRF) RequestCipherSecret

func (ac *AntiCSRF) RequestCipherSecret(r *ahttp.Request) []byte

RequestCipherSecret method returns aah request secret (aka anti-csrf token) from the request. The order of secret retrival is HTTP Header, Form (Regular and Multipart).

func (*AntiCSRF) SaltCipherSecret

func (ac *AntiCSRF) SaltCipherSecret(secret []byte) string

SaltCipherSecret method returns salted chiper secret.

func (*AntiCSRF) SetCookie

func (ac *AntiCSRF) SetCookie(w http.ResponseWriter, secret []byte) error

SetCookie method write/refresh the Anti-CSRF cookie value and expriy.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL