actions

package
v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 22, 2026 License: MPL-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecodeForm 

func DecodeForm(request *http.Request) (form.Values, error)

DecodeForm parses request form data for generated typed action decoders.

func DecodeMultipartForm added in v0.8.0 

func DecodeMultipartForm(request *http.Request) (form.Data, error)

DecodeMultipartForm parses request multipart data for generated typed action decoders.

func ValidateRequired 

func ValidateRequired(values form.Values, fields []string) validation.Result

ValidateRequired records one validation error for each missing required form field. Empty and whitespace-only submitted values are treated as missing.

Types

type CSRF 

type CSRF struct {
	// contains filtered or unexported fields
}

CSRF validates signed double-submit CSRF tokens for generated actions.

func NewCSRF 

func NewCSRF(options CSRFOptions) (*CSRF, error)

NewCSRF creates a validator with secure cookie defaults.

func (*CSRF) CookieName 

func (csrf *CSRF) CookieName() string

CookieName returns the cookie name used for CSRF token storage.

func (*CSRF) FieldName 

func (csrf *CSRF) FieldName() string

FieldName returns the form field name used for submitted CSRF tokens.

func (*CSRF) HeaderName 

func (csrf *CSRF) HeaderName() string

HeaderName returns the header name used for submitted CSRF tokens.

func (*CSRF) Token 

func (csrf *CSRF) Token(response http.ResponseWriter, request *http.Request) (string, error)

Token returns the CSRF token for a generated hidden form field. It reuses the request's valid CSRF cookie when present so concurrently open tabs keep working, and only mints and stores a new token when the cookie is absent or invalid.

func (*CSRF) Validate 

func (csrf *CSRF) Validate(request *http.Request) error

Validate checks the submitted token against the CSRF cookie and signature.

type CSRFOptions 

type CSRFOptions struct {
	Secret     []byte
	CookieName string
	FieldName  string
	HeaderName string
	Insecure   bool
	SameSite   http.SameSite
	// Binding, when set, ties each token to a per-request identity (typically
	// the authenticated principal). The returned value is mixed into the token
	// signature, so a token minted for one principal is rejected once the
	// request resolves to a different principal. This upgrades the plain signed
	// double-submit cookie to a session-bound token, the OWASP-recommended
	// hardening. Returning nil binds the token to the anonymous context, which
	// still yields a valid signed double-submit token (backwards compatible).
	Binding func(*http.Request) []byte
}

CSRFOptions configures signed double-submit CSRF tokens.

type CSRFTokenSource 

type CSRFTokenSource interface {
	Token(http.ResponseWriter, *http.Request) (string, error)
	FieldName() string
}

CSRFTokenSource generates tokens for generated forms.

type CSRFValidator 

type CSRFValidator interface {
	Validate(*http.Request) error
}

CSRFValidator validates action requests before generated handlers run.

type Handler 

type Handler func(context.Context, form.Values) (response.Response, error)

Handler is a generated typed action endpoint.

type Registry 

type Registry map[string]Handler

Registry maps generated action names to handlers.

func (Registry) Register 

func (registry Registry) Register(name string, handler Handler)

Register stores one action handler.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.