csrfmidware

package module

v0.0.0-...-d66a5e8 Latest Latest Go to latest Published: Dec 29, 2016 License: BSD-3-Clause Imports: 3 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/go-gem/middleware-csrf

README ¶

CSRF Middleware

CSRF middleware is a HTTP middleware that provides Cross-Site Request Forgery protection for Gem Web framework.

Getting Started

Install

$ go get -u github.com/go-gem/middleware-csrf

Example

package main

import (
	"fmt"
	"html/template"

	"github.com/go-gem/gem"
	"github.com/go-gem/middleware-csrf"
	"github.com/gorilla/csrf"
)

var form = `
    <html>
    <head>
    <title>Sign Up!</title>
    </head>
    <body>
    <form method="POST" action="/signup" accept-charset="UTF-8">
    <input type="text" name="name">
    <input type="text" name="email">
    <!--
        The default template tag used by the CSRF middleware .
        This will be replaced with a hidden <input> field containing the
        masked CSRF token.
    -->
    {{ .csrfField }}
    <input type="submit" value="Sign up!">
    </form>
    </body>
    </html>
    `

var (
	t = template.Must(template.New("signup_form.tmpl").Parse(form))

	// Don't forget to pass csrf.Secure(false) if you're developing locally
	// over plain HTTP (just don't leave it on in production).
	csrfMiddleware = csrfmidware.New([]byte("32-byte-long-auth-key"), csrf.Secure(false))
)

func main() {
	router := gem.NewRouter()
	router.Use(csrfMiddleware)
	router.GET("/", showSignupForm)
	router.POST("/signup", submitSignupForm)

	gem.ListenAndServe(":8080", router.Handler())
}

func showSignupForm(ctx *gem.Context) {
	// signup_form.tmpl just needs a {{ .csrfField }} template tag for
	// csrf.TemplateField to inject the CSRF token into. Easy!
	t.ExecuteTemplate(ctx, "signup_form.tmpl", map[string]interface{}{
		csrf.TemplateTag: csrf.TemplateField(ctx.Request),
	})
}

func submitSignupForm(ctx *gem.Context) {
	// We can trust that requests making it this far have satisfied
	// our CSRF protection requirements.
	fmt.Fprintf(ctx, "%v\n", ctx.Request.PostForm)
}

Documentation ¶

Overview ¶

Package csrfmidware is a HTTP middleware that provides Cross-Site Request Forgery protection for Gem web framework.

This package requires csrf package: https://github.com/gorilla/csrf.

Example

	package main

	import (
		"fmt"
		"html/template"

		"github.com/go-gem/gem"
		"github.com/go-gem/middleware-csrf"
		"github.com/gorilla/csrf"
	)

	var form = `
    <html>
    <head>
    	<title>Sign Up!</title>
    </head>
    <body>
    	<form method="POST" action="/signup" accept-charset="UTF-8">
    		<input type="text" name="name">
    		<input type="text" name="email">
    		<!--
        	The default template tag used by the CSRF middleware .
        	This will be replaced with a hidden <input> field containing the
       		masked CSRF token.
    		-->
    		{{ .csrfField }}
   		<input type="submit" value="Sign up!">
	</form>
    </body>
    </html>
    `

	var (
		t = template.Must(template.New("signup_form.tmpl").Parse(form))

		// Don't forget to pass csrf.Secure(false) if you're developing locally
		// over plain HTTP (just don't leave it on in production).
		csrfMiddleware = csrfmidware.New([]byte("32-byte-long-auth-key"), csrf.Secure(false))
	)

	func main() {
		router := gem.NewRouter()
		router.Use(csrfMiddleware)
		router.GET("/", showSignupForm)
		router.POST("/signup", submitSignupForm)

		gem.ListenAndServe(":8080", router.Handler())
	}

	func showSignupForm(ctx *gem.Context) {
		// signup_form.tmpl just needs a {{ .csrfField }} template tag for
		// csrf.TemplateField to inject the CSRF token into. Easy!
		t.ExecuteTemplate(ctx, "signup_form.tmpl", map[string]interface{}{
			csrf.TemplateTag: csrf.TemplateField(ctx.Request),
		})
	}

	func submitSignupForm(ctx *gem.Context) {
		// We can trust that requests making it this far have satisfied
		// our CSRF protection requirements.
		fmt.Fprintf(ctx, "%v\n", ctx.Request.PostForm)
	}

Index ¶

type CSRF
- func New(secret []byte, opts ...csrf.Option) *CSRF
- func (c *CSRF) Wrap(next gem.Handler) gem.Handler

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CSRF ¶

type CSRF struct {
	// contains filtered or unexported fields
}

CSRF is a HTTP middleware that provides Cross-Site Request Forgery protection.

It securely generates a masked (unique-per-request) token that can be embedded in the HTTP response (e.g. form field or HTTP header). The original (unmasked) token is stored in the session, which is inaccessible by an attacker (provided you are using HTTPS). Subsequent requests are expected to include this token, which is compared against the session token. Requests that do not provide a matching token are served with a HTTP 403 'Forbidden' error response.

func New ¶

func New(secret []byte, opts ...csrf.Option) *CSRF

New return a CSRF middleware via the given secret key and default option.

func (*CSRF) Wrap ¶

func (c *CSRF) Wrap(next gem.Handler) gem.Handler

Wrap implements the Middleware interface.

Source Files ¶

View all Source files

csrf.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL