From 66ee4de7d82803fd63d8c20f246f3b3a8e4e460f Mon Sep 17 00:00:00 2001 From: Fenny <25108519+Fenny@users.noreply.github.com> Date: Wed, 11 Nov 2020 18:19:53 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=95=8A=20rename=20token=20to=20key?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- middleware/csrf/README.md | 24 +++++++++++----------- middleware/csrf/config.go | 40 ++++++++++++++++++++---------------- middleware/csrf/csrf.go | 12 ++++++----- middleware/limiter/README.md | 29 ++++++++++++-------------- middleware/limiter/config.go | 38 +++++++++++++++++++--------------- 5 files changed, 75 insertions(+), 68 deletions(-) diff --git a/middleware/csrf/README.md b/middleware/csrf/README.md index 53269c48..bf2649b0 100644 --- a/middleware/csrf/README.md +++ b/middleware/csrf/README.md @@ -48,19 +48,20 @@ type Config struct { // Optional. Default: nil Next func(c *fiber.Ctx) bool - // TokenLookup is a string in the form of ":" that is used + // KeyLookup is a string in the form of ":" that is used // to extract token from the request. - // - // Optional. Default value "header:X-CSRF-Token". // Possible values: // - "header:" // - "query:" // - "param:" // - "form:" // - "cookie:" - TokenLookup string + // + // Optional. Default: "header:X-CSRF-Token" + KeyLookup string - // Cookie + // Cookie settings to pass the CSRF token to the client on GET + // requests. // // Optional. Cookie *fiber.Cookie @@ -76,13 +77,14 @@ type Config struct { Storage fiber.Storage // Context key to store generated CSRF token into context. + // If left empty, token will not be stored in context. // - // Optional. Default value "csrf". + // Optional. Default: "" ContextKey string // Optional. ID generator function. // - // Default: utils.UUID + // Optional. Default: utils.UUID KeyGenerator func() string } ``` 
@@ -90,14 +92,12 @@ type Config struct { ### Default Config ```go var ConfigDefault = Config{ - Next: nil, - TokenLookup: "header:X-CSRF-Token", - ContextKey: "csrf", + KeyLookup: "header:X-Csrf-Token", Cookie: &fiber.Cookie{ Name: "_csrf", SameSite: "Strict", }, - Expiration: 1 * time.Hour, - KeyGenerator: utils.UUID, + Expiration: 1 * time.Hour, + KeyGenerator: utils.UUID, } ``` diff --git a/middleware/csrf/config.go b/middleware/csrf/config.go index 0d619598..31de43fd 100644 --- a/middleware/csrf/config.go +++ b/middleware/csrf/config.go @@ -15,19 +15,20 @@ type Config struct { // Optional. Default: nil Next func(c *fiber.Ctx) bool - // TokenLookup is a string in the form of ":" that is used + // KeyLookup is a string in the form of ":" that is used // to extract token from the request. - // - // Optional. Default value "header:X-CSRF-Token". // Possible values: // - "header:" // - "query:" // - "param:" // - "form:" // - "cookie:" - TokenLookup string + // + // Optional. Default: "header:X-CSRF-Token" + KeyLookup string - // Cookie + // Cookie settings to pass the CSRF token to the client on GET + // requests. // // Optional. Cookie *fiber.Cookie @@ -43,24 +44,26 @@ type Config struct { Storage fiber.Storage // Context key to store generated CSRF token into context. + // If left empty, token will not be stored in context. // - // Optional. Default value "csrf". + // Optional. Default: "" ContextKey string - // Optional. ID generator function. + // KeyGenerator creates a new CSRF token // - // Default: utils.UUID + // Optional. Default: utils.UUID KeyGenerator func() string // Deprecated, please use Expiration CookieExpires time.Duration + + // Deprecated, please use KeyLookup + TokenLookup string } // ConfigDefault is the default config var ConfigDefault = Config{ - Next: nil, - TokenLookup: "header:X-CSRF-Token", - ContextKey: "csrf", + KeyLookup: "header:X-Csrf-Token", Cookie: &fiber.Cookie{ Name: "_csrf", SameSite: "Strict", 
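Review bot: The `ContextKey` default in `Config` (middleware/csrf/config.go) changes from "csrf" to "" in a commit titled as a rename, and unlike `TokenLookup` it gets no deprecation notice, so a handler that reads `c.Locals("csrf")` to put the token into a form would, as far as this diff shows, get nil after upgrading. Either keep the old default or state the break in the field comment, for example `// Breaking: the previous default was "csrf"; set ContextKey explicitly to keep the token in c.Locals.` The deprecation comments on `CookieExpires` and `TokenLookup` would be surfaced by gopls and staticcheck if written in the standard form, `// Deprecated: use KeyLookup instead.` The `KeyLookup` comment documents "header:X-CSRF-Token" while `ConfigDefault` now sets "header:X-Csrf-Token"; header names are case-insensitive, but the two should match.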
@@ -80,17 +83,18 @@ func configDefault(config ...Config) Config { cfg := config[0] // Set default values - if cfg.TokenLookup == "" { - cfg.TokenLookup = ConfigDefault.TokenLookup - } - if cfg.ContextKey == "" { - cfg.ContextKey = ConfigDefault.ContextKey + if cfg.TokenLookup != "" { + fmt.Println("[CSRF] TokenLookup is deprecated, please use KeyLookup") + cfg.KeyLookup = ConfigDefault.TokenLookup } if cfg.CookieExpires != 0 { fmt.Println("[CSRF] CookieExpires is deprecated, please use Expiration") - cfg.CookieExpires = ConfigDefault.Expiration + cfg.Expiration = ConfigDefault.CookieExpires } - if cfg.Expiration == 0 { + if cfg.KeyLookup == "" { + cfg.KeyLookup = ConfigDefault.KeyLookup + } + if cfg.Expiration <= 0 { cfg.Expiration = ConfigDefault.Expiration } if cfg.Cookie != nil { diff --git a/middleware/csrf/csrf.go b/middleware/csrf/csrf.go index abf42dcd..03c99baa 100644 --- a/middleware/csrf/csrf.go +++ b/middleware/csrf/csrf.go @@ -22,7 +22,7 @@ func New(config ...Config) fiber.Handler { } // Generate the correct extractor to get the token from the correct location - selectors := strings.Split(cfg.TokenLookup, ":") + selectors := strings.Split(cfg.KeyLookup, ":") if len(selectors) != 2 { panic("[CSRF] Token lookup must in the form of :") @@ -40,7 +40,7 @@ func New(config ...Config) fiber.Handler { extractor = csrfFromParam(selectors[1]) case "cookie": if selectors[1] == cfg.Cookie.Name { - panic(fmt.Sprintf("TokenLookup key %s can't be the same as Cookie.Name %s", selectors[1], cfg.Cookie.Name)) + panic(fmt.Sprintf("KeyLookup key %s can't be the same as Cookie.Name %s", selectors[1], cfg.Cookie.Name)) } extractor = csrfFromCookie(selectors[1]) } 
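Review bot: In `configDefault` (middleware/csrf/config.go) both deprecated-field branches copy from `ConfigDefault` instead of from the caller's `cfg`, so the value the user supplied is discarded. `ConfigDefault.TokenLookup` is no longer set by this commit, and `ConfigDefault.CookieExpires` does not appear to be set either (the rest of the literal is outside the hunk). A caller who passes, for example, `TokenLookup: "form:_csrf"` therefore has `KeyLookup` reset to the header default, and a token sent in the configured location would no longer be found. The assignments should read `cfg.KeyLookup = cfg.TokenLookup` and `cfg.Expiration = cfg.CookieExpires`, matching what the limiter's `configDefault` does with `cfg.Duration`. The function starts and ends outside this hunk; a test that sets only the deprecated fields and asserts the resulting `KeyLookup` and `Expiration` would pin the behaviour.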
@@ -91,13 +91,15 @@ func New(config ...Config) fiber.Handler { // Set cookie to response c.Cookie(cookie) - // Store token in context - c.Locals(cfg.ContextKey, token) - // Protect clients from caching the response by telling the browser // a new header value is generated c.Vary(fiber.HeaderCookie) + // Store token in context if set + if cfg.ContextKey != "" { + c.Locals(cfg.ContextKey, token) + } + case fiber.MethodPost: // Verify CSRF token // Extract token from client request i.e. header, query, param, form or cookie diff --git a/middleware/limiter/README.md b/middleware/limiter/README.md index 51b6ed81..39f9792d 100644 --- a/middleware/limiter/README.md +++ b/middleware/limiter/README.md @@ -60,17 +60,17 @@ type Config struct { // Default: 5 Max int - // Duration is the time on how long to keep records of requests in memory - // - // Default: time.Minute - Duration time.Duration - - // Key allows you to generate custom keys, by default c.IP() is used + // KeyGenerator allows you to generate custom keys, by default c.IP() is used // // Default: func(c *fiber.Ctx) string { // return c.IP() // } - Key func(*fiber.Ctx) string + KeyGenerator func(*fiber.Ctx) string + + // Expiration is the time on how long to keep records of requests in memory + // + // Default: 1 * time.Minute + Expiration time.Duration // LimitReached is called when a request hits the limit // @@ -79,12 +79,10 @@ type Config struct { // } LimitReached fiber.Handler - // Store is used to store the state of the middleware. - // If no store is supplied, an in-memory store is used. If a store is supplied, - // it must implement the `Storage` interface. + // Store is used to store the state of the middleware // - // Default: in memory - Store Storage + // Default: an in memory store for this process only + Storage fiber.Storage } ``` 
@@ -93,10 +91,9 @@ A custom store can be used if it implements the `Storage` interface - more detai ### Default Config ```go var ConfigDefault = Config{ - Next: nil, - Max: 5, - Duration: time.Minute, - Key: func(c *fiber.Ctx) string { + Max: 5, + Expiration: 1 * time.Minute, + KeyGenerator: func(c *fiber.Ctx) string { return c.IP() }, LimitReached: func(c *fiber.Ctx) error { diff --git a/middleware/limiter/config.go b/middleware/limiter/config.go index c5c0021c..560a4771 100644 --- a/middleware/limiter/config.go +++ b/middleware/limiter/config.go @@ -19,12 +19,12 @@ type Config struct { // Default: 5 Max int - // Key allows you to generate custom keys, by default c.IP() is used + // KeyGenerator allows you to generate custom keys, by default c.IP() is used // // Default: func(c *fiber.Ctx) string { // return c.IP() // } - Key func(*fiber.Ctx) string + KeyGenerator func(*fiber.Ctx) string // Expiration is the time on how long to keep records of requests in memory // @@ -48,14 +48,16 @@ type Config struct { // DEPRECATED, use Storage instead Store fiber.Storage + + // DEPRECATED, use KeyGenerator instead + Key func(*fiber.Ctx) string } // ConfigDefault is the default config var ConfigDefault = Config{ - Next: nil, Max: 5, Expiration: 1 * time.Minute, - Key: func(c *fiber.Ctx) string { + KeyGenerator: func(c *fiber.Ctx) string { return c.IP() }, LimitReached: func(c *fiber.Ctx) error { 
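Review bot: The `KeyGenerator` comment in `Config` (middleware/limiter/config.go) names `c.IP()` as the default key without saying what that value is when the app sits behind a reverse proxy or load balancer. In that deployment the remote address is normally the proxy's, so every client shares one bucket; if the app instead takes the IP from a forwarding header, the key is only as trustworthy as that header. I would extend the comment with `// c.IP() is a per-client key only when the app's proxy-header setting matches the deployment; behind a proxy, use a header the proxy overwrites.` The new `// DEPRECATED, use KeyGenerator instead` would also be picked up by tooling if written as `// Deprecated: use KeyGenerator instead.`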
@@ -74,30 +76,32 @@ func configDefault(config ...Config) Config { cfg := config[0] // Set default values + if cfg.Duration > 0 { + fmt.Println("[LIMITER] Duration is deprecated, please use Expiration") + cfg.Expiration = cfg.Duration + } + if cfg.Key != nil { + fmt.Println("[LIMITER] Key is deprecated, please us KeyGenerator") + cfg.KeyGenerator = cfg.Key + } + if cfg.Store != nil { + fmt.Println("[LIMITER] Store is deprecated, please use Storage") + cfg.Storage = cfg.Store + } if cfg.Next == nil { cfg.Next = ConfigDefault.Next } if cfg.Max <= 0 { cfg.Max = ConfigDefault.Max } - if int(cfg.Duration.Seconds()) <= 0 && int(cfg.Expiration.Seconds()) <= 0 { + if cfg.Expiration <= 0 { cfg.Expiration = ConfigDefault.Expiration } - if int(cfg.Duration.Seconds()) > 0 { - fmt.Println("[LIMITER] Duration is deprecated, please use Expiration") - if cfg.Expiration != ConfigDefault.Expiration { - cfg.Expiration = cfg.Duration - } - } - if cfg.Key == nil { - cfg.Key = ConfigDefault.Key + if cfg.KeyGenerator == nil { + cfg.KeyGenerator = ConfigDefault.KeyGenerator } if cfg.LimitReached == nil { cfg.LimitReached = ConfigDefault.LimitReached } - if cfg.Store != nil { - fmt.Println("[LIMITER] Store is deprecated, please use Storage") - cfg.Storage = cfg.Store - } return cfg }
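Review bot: In the limiter's `configDefault`, the deprecated `Duration`, `Key` and `Store` fields overwrite `Expiration`, `KeyGenerator` and `Storage` even when the caller has already set the new field, so a half-migrated config silently keeps the old value. Guarding each copy on the new field being unset lets the new name win: `if cfg.Duration > 0 && cfg.Expiration <= 0 {`, `if cfg.Key != nil && cfg.KeyGenerator == nil {`, `if cfg.Store != nil && cfg.Storage == nil {`. The `Key` notice also has a typo, "please us KeyGenerator". The start of `configDefault` is outside the hunk.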