🕊 rename token to key

2020-11-11 18:19:53 +01:00 · 2020-11-11 18:19:53 +01:00 · 66ee4de7d8
parent 1bd7b1b15b
commit 66ee4de7d8
5 changed files with 75 additions and 68 deletions
--- a/middleware/csrf/README.md
+++ b/middleware/csrf/README.md
@ -48,19 +48,20 @@ type Config struct {
 	// Optional. Default: nil
 	Next func(c *fiber.Ctx) bool

-	// TokenLookup is a string in the form of "<source>:<key>" that is used
+	// KeyLookup is a string in the form of "<source>:<key>" that is used
 	// to extract token from the request.
-	//
-	// Optional. Default value "header:X-CSRF-Token".
 	// Possible values:
 	// - "header:<name>"
 	// - "query:<name>"
 	// - "param:<name>"
 	// - "form:<name>"
 	// - "cookie:<name>"
-	TokenLookup string
+	//
+	// Optional. Default: "header:X-CSRF-Token"
+	KeyLookup string

-	// Cookie
+	// Cookie settings to pass the CSRF token to the client on GET
+	// requests.
 	//
 	// Optional.
 	Cookie *fiber.Cookie
@ -76,13 +77,14 @@ type Config struct {
 	Storage fiber.Storage

 	// Context key to store generated CSRF token into context.
+	// If left empty, token will not be stored in context.
 	//
-	// Optional. Default value "csrf".
+	// Optional. Default: ""
 	ContextKey string

 	// Optional. ID generator function.
 	//
-	// Default: utils.UUID
+	// Optional. Default: utils.UUID
 	KeyGenerator func() string
 }
 ```
@ -90,14 +92,12 @@ type Config struct {
 ### Default Config
 ```go
 var ConfigDefault = Config{
-	Next:        nil,
-	TokenLookup: "header:X-CSRF-Token",
-	ContextKey:  "csrf",
+	KeyLookup: "header:X-Csrf-Token",
 	Cookie: &fiber.Cookie{
 		Name:     "_csrf",
 		SameSite: "Strict",
 	},
-	Expiration: 1 * time.Hour,
-	KeyGenerator:  utils.UUID,
+	Expiration:   1 * time.Hour,
+	KeyGenerator: utils.UUID,
 }
 ```
--- a/middleware/csrf/config.go
+++ b/middleware/csrf/config.go
@ -15,19 +15,20 @@ type Config struct {
 	// Optional. Default: nil
 	Next func(c *fiber.Ctx) bool

-	// TokenLookup is a string in the form of "<source>:<key>" that is used
+	// KeyLookup is a string in the form of "<source>:<key>" that is used
 	// to extract token from the request.
-	//
-	// Optional. Default value "header:X-CSRF-Token".
 	// Possible values:
 	// - "header:<name>"
 	// - "query:<name>"
 	// - "param:<name>"
 	// - "form:<name>"
 	// - "cookie:<name>"
-	TokenLookup string
+	//
+	// Optional. Default: "header:X-CSRF-Token"
+	KeyLookup string

-	// Cookie
+	// Cookie settings to pass the CSRF token to the client on GET
+	// requests.
 	//
 	// Optional.
 	Cookie *fiber.Cookie
@ -43,24 +44,26 @@ type Config struct {
 	Storage fiber.Storage

 	// Context key to store generated CSRF token into context.
+	// If left empty, token will not be stored in context.
 	//
-	// Optional. Default value "csrf".
+	// Optional. Default: ""
 	ContextKey string

-	// Optional. ID generator function.
+	// KeyGenerator creates a new CSRF token
 	//
-	// Default: utils.UUID
+	// Optional. Default: utils.UUID
 	KeyGenerator func() string

 	// Deprecated, please use Expiration
 	CookieExpires time.Duration
+
+	// Deprecated, please use KeyLookup
+	TokenLookup string
 }

 // ConfigDefault is the default config
 var ConfigDefault = Config{
-	Next:        nil,
-	TokenLookup: "header:X-CSRF-Token",
-	ContextKey:  "csrf",
+	KeyLookup: "header:X-Csrf-Token",
 	Cookie: &fiber.Cookie{
 		Name:     "_csrf",
 		SameSite: "Strict",
@ -80,17 +83,18 @@ func configDefault(config ...Config) Config {
 	cfg := config[0]

 	// Set default values
-	if cfg.TokenLookup == "" {
-		cfg.TokenLookup = ConfigDefault.TokenLookup
-	}
-	if cfg.ContextKey == "" {
-		cfg.ContextKey = ConfigDefault.ContextKey
+	if cfg.TokenLookup != "" {
+		fmt.Println("[CSRF] TokenLookup is deprecated, please use KeyLookup")
+		cfg.KeyLookup = ConfigDefault.TokenLookup
 	}
 	if cfg.CookieExpires != 0 {
 		fmt.Println("[CSRF] CookieExpires is deprecated, please use Expiration")
-		cfg.CookieExpires = ConfigDefault.Expiration
+		cfg.Expiration = ConfigDefault.CookieExpires
 	}
-	if cfg.Expiration == 0 {
+	if cfg.KeyLookup == "" {
+		cfg.KeyLookup = ConfigDefault.KeyLookup
+	}
+	if cfg.Expiration <= 0 {
 		cfg.Expiration = ConfigDefault.Expiration
 	}
 	if cfg.Cookie != nil {
--- a/middleware/csrf/csrf.go
+++ b/middleware/csrf/csrf.go
@ -22,7 +22,7 @@ func New(config ...Config) fiber.Handler {
 	}

 	// Generate the correct extractor to get the token from the correct location
-	selectors := strings.Split(cfg.TokenLookup, ":")
+	selectors := strings.Split(cfg.KeyLookup, ":")

 	if len(selectors) != 2 {
 		panic("[CSRF] Token lookup must in the form of <source>:<key>")
@ -40,7 +40,7 @@ func New(config ...Config) fiber.Handler {
 		extractor = csrfFromParam(selectors[1])
 	case "cookie":
 		if selectors[1] == cfg.Cookie.Name {
-			panic(fmt.Sprintf("TokenLookup key %s can't be the same as Cookie.Name %s", selectors[1], cfg.Cookie.Name))
+			panic(fmt.Sprintf("KeyLookup key %s can't be the same as Cookie.Name %s", selectors[1], cfg.Cookie.Name))
 		}
 		extractor = csrfFromCookie(selectors[1])
 	}
@ -91,13 +91,15 @@ func New(config ...Config) fiber.Handler {
 			// Set cookie to response
 			c.Cookie(cookie)

-			// Store token in context
-			c.Locals(cfg.ContextKey, token)
-
 			// Protect clients from caching the response by telling the browser
 			// a new header value is generated
 			c.Vary(fiber.HeaderCookie)

+			// Store token in context if set
+			if cfg.ContextKey != "" {
+				c.Locals(cfg.ContextKey, token)
+			}
+
 		case fiber.MethodPost:
 			// Verify CSRF token
 			// Extract token from client request i.e. header, query, param, form or cookie
--- a/middleware/limiter/README.md
+++ b/middleware/limiter/README.md
@ -60,17 +60,17 @@ type Config struct {
 	// Default: 5
 	Max int

-	// Duration is the time on how long to keep records of requests in memory
-	//
-	// Default: time.Minute
-	Duration time.Duration
-
-	// Key allows you to generate custom keys, by default c.IP() is used
+	// KeyGenerator allows you to generate custom keys, by default c.IP() is used
 	//
 	// Default: func(c *fiber.Ctx) string {
 	//   return c.IP()
 	// }
-	Key func(*fiber.Ctx) string
+	KeyGenerator func(*fiber.Ctx) string
+
+	// Expiration is the time on how long to keep records of requests in memory
+	//
+	// Default: 1 * time.Minute
+	Expiration time.Duration

 	// LimitReached is called when a request hits the limit
 	//
@ -79,12 +79,10 @@ type Config struct {
 	// }
 	LimitReached fiber.Handler

-	// Store is used to store the state of the middleware.
-	// If no store is supplied, an in-memory store is used. If a store is supplied,
-	// it must implement the `Storage` interface.
+	// Store is used to store the state of the middleware
 	//
-	// Default: in memory
-	Store Storage
+	// Default: an in memory store for this process only
+	Storage fiber.Storage
 }
 ```

@ -93,10 +91,9 @@ A custom store can be used if it implements the `Storage` interface - more detai
 ### Default Config
 ```go
 var ConfigDefault = Config{
-	Next:     nil,
-	Max:      5,
-	Duration: time.Minute,
-	Key: func(c *fiber.Ctx) string {
+	Max:        5,
+	Expiration: 1 * time.Minute,
+	KeyGenerator: func(c *fiber.Ctx) string {
 		return c.IP()
 	},
 	LimitReached: func(c *fiber.Ctx) error {
--- a/middleware/limiter/config.go
+++ b/middleware/limiter/config.go
@ -19,12 +19,12 @@ type Config struct {
 	// Default: 5
 	Max int

-	// Key allows you to generate custom keys, by default c.IP() is used
+	// KeyGenerator allows you to generate custom keys, by default c.IP() is used
 	//
 	// Default: func(c *fiber.Ctx) string {
 	//   return c.IP()
 	// }
-	Key func(*fiber.Ctx) string
+	KeyGenerator func(*fiber.Ctx) string

 	// Expiration is the time on how long to keep records of requests in memory
 	//
@ -48,14 +48,16 @@ type Config struct {

 	// DEPRECATED, use Storage instead
 	Store fiber.Storage
+
+	// DEPRECATED, use KeyGenerator instead
+	Key func(*fiber.Ctx) string
 }

 // ConfigDefault is the default config
 var ConfigDefault = Config{
-	Next:       nil,
 	Max:        5,
 	Expiration: 1 * time.Minute,
-	Key: func(c *fiber.Ctx) string {
+	KeyGenerator: func(c *fiber.Ctx) string {
 		return c.IP()
 	},
 	LimitReached: func(c *fiber.Ctx) error {
@ -74,30 +76,32 @@ func configDefault(config ...Config) Config {
 	cfg := config[0]

 	// Set default values
+	if cfg.Duration > 0 {
+		fmt.Println("[LIMITER] Duration is deprecated, please use Expiration")
+		cfg.Expiration = cfg.Duration
+	}
+	if cfg.Key != nil {
+		fmt.Println("[LIMITER] Key is deprecated, please us KeyGenerator")
+		cfg.KeyGenerator = cfg.Key
+	}
+	if cfg.Store != nil {
+		fmt.Println("[LIMITER] Store is deprecated, please use Storage")
+		cfg.Storage = cfg.Store
+	}
 	if cfg.Next == nil {
 		cfg.Next = ConfigDefault.Next
 	}
 	if cfg.Max <= 0 {
 		cfg.Max = ConfigDefault.Max
 	}
-	if int(cfg.Duration.Seconds()) <= 0 && int(cfg.Expiration.Seconds()) <= 0 {
+	if cfg.Expiration <= 0 {
 		cfg.Expiration = ConfigDefault.Expiration
 	}
-	if int(cfg.Duration.Seconds()) > 0 {
-		fmt.Println("[LIMITER] Duration is deprecated, please use Expiration")
-		if cfg.Expiration != ConfigDefault.Expiration {
-			cfg.Expiration = cfg.Duration
-		}
-	}
-	if cfg.Key == nil {
-		cfg.Key = ConfigDefault.Key
+	if cfg.KeyGenerator == nil {
+		cfg.KeyGenerator = ConfigDefault.KeyGenerator
 	}
 	if cfg.LimitReached == nil {
 		cfg.LimitReached = ConfigDefault.LimitReached
 	}
-	if cfg.Store != nil {
-		fmt.Println("[LIMITER] Store is deprecated, please use Storage")
-		cfg.Storage = cfg.Store
-	}
 	return cfg
 }