csrf

README

gin-csrf

CSRF protection middleware for Gin. This middleware has to be used with gin-sessions.

Installation

$ go get github.com/tommy351/gin-csrf

Usage

import (
    "errors"
    
    "github.com/gin-gonic/gin"
    "github.com/tommy351/gin-sessions"
    "github.com/tommy351/gin-csrf"
)

func main(){
    g := gin.New()
    store := sessions.NewCookieStore([]byte("secret123"))
    g.Use(sessions.Middleware("my_session", store))
    g.Use(csrf.Middleware(csrf.Options{
        Secret: "secret123",
        ErrorFunc: func(c *gin.Context){
            c.Fail(400, errors.New("CSRF token mismatch"))
        },
    }))
    
    g.GET("/protected", func(c *gin.Context){
        c.String(200, csrf.GetToken(c))
    })
    
    g.POST("/protected", func(c *gin.Context){
        c.String(200, "CSRF token is valid")
    })
}

Documentation

Index

• func GetToken(c *gin.Context) string
• func Middleware(options Options) gin.HandlerFunc
• type Options

Functions

func GetToken

func GetToken(c *gin.Context) string

GetToken returns a CSRF token.

func Middleware

func Middleware(options Options) gin.HandlerFunc

Middleware validates CSRF token.

Types

type Options

type Options struct {
	Secret        string
	IgnoreMethods []string
	ErrorFunc     gin.HandlerFunc
	TokenGetter   func(c *gin.Context) string
}

Options stores configurations for a CSRF middleware.