🕊 rename token to key

pull/1009/head
Fenny 2020-11-11 18:19:53 +01:00
parent 1bd7b1b15b
commit 66ee4de7d8
5 changed files with 75 additions and 68 deletions


@ -48,19 +48,20 @@ type Config struct {
// Optional. Default: nil // Optional. Default: nil
Next func(c *fiber.Ctx) bool Next func(c *fiber.Ctx) bool
// TokenLookup is a string in the form of "<source>:<key>" that is used // KeyLookup is a string in the form of "<source>:<key>" that is used
// to extract token from the request. // to extract token from the request.
//
// Optional. Default value "header:X-CSRF-Token".
// Possible values: // Possible values:
// - "header:<name>" // - "header:<name>"
// - "query:<name>" // - "query:<name>"
// - "param:<name>" // - "param:<name>"
// - "form:<name>" // - "form:<name>"
// - "cookie:<name>" // - "cookie:<name>"
TokenLookup string //
// Optional. Default: "header:X-CSRF-Token"
KeyLookup string
// Cookie // Cookie settings to pass the CSRF token to the client on GET
// requests.
// //
// Optional. // Optional.
Cookie *fiber.Cookie Cookie *fiber.Cookie
@ -76,13 +77,14 @@ type Config struct {
Storage fiber.Storage Storage fiber.Storage
// Context key to store generated CSRF token into context. // Context key to store generated CSRF token into context.
// If left empty, token will not be stored in context.
// //
// Optional. Default value "csrf". // Optional. Default: ""
ContextKey string ContextKey string
// Optional. ID generator function. // Optional. ID generator function.
// //
// Default: utils.UUID // Optional. Default: utils.UUID
KeyGenerator func() string KeyGenerator func() string
} }
``` ```
@ -90,14 +92,12 @@ type Config struct {
### Default Config ### Default Config
```go ```go
var ConfigDefault = Config{ var ConfigDefault = Config{
Next: nil, KeyLookup: "header:X-Csrf-Token",
TokenLookup: "header:X-CSRF-Token",
ContextKey: "csrf",
Cookie: &fiber.Cookie{ Cookie: &fiber.Cookie{
Name: "_csrf", Name: "_csrf",
SameSite: "Strict", SameSite: "Strict",
}, },
Expiration: 1 * time.Hour, Expiration: 1 * time.Hour,
KeyGenerator: utils.UUID, KeyGenerator: utils.UUID,
} }
``` ```


@ -15,19 +15,20 @@ type Config struct {
// Optional. Default: nil // Optional. Default: nil
Next func(c *fiber.Ctx) bool Next func(c *fiber.Ctx) bool
// TokenLookup is a string in the form of "<source>:<key>" that is used // KeyLookup is a string in the form of "<source>:<key>" that is used
// to extract token from the request. // to extract token from the request.
//
// Optional. Default value "header:X-CSRF-Token".
// Possible values: // Possible values:
// - "header:<name>" // - "header:<name>"
// - "query:<name>" // - "query:<name>"
// - "param:<name>" // - "param:<name>"
// - "form:<name>" // - "form:<name>"
// - "cookie:<name>" // - "cookie:<name>"
TokenLookup string //
// Optional. Default: "header:X-CSRF-Token"
KeyLookup string
// Cookie // Cookie settings to pass the CSRF token to the client on GET
// requests.
// //
// Optional. // Optional.
Cookie *fiber.Cookie Cookie *fiber.Cookie
@ -43,24 +44,26 @@ type Config struct {
Storage fiber.Storage Storage fiber.Storage
// Context key to store generated CSRF token into context. // Context key to store generated CSRF token into context.
// If left empty, token will not be stored in context.
// //
// Optional. Default value "csrf". // Optional. Default: ""
ContextKey string ContextKey string
// Optional. ID generator function. // KeyGenerator creates a new CSRF token
// //
// Default: utils.UUID // Optional. Default: utils.UUID
KeyGenerator func() string KeyGenerator func() string
// Deprecated, please use Expiration // Deprecated, please use Expiration
CookieExpires time.Duration CookieExpires time.Duration
// Deprecated, please use KeyLookup
TokenLookup string
} }
// ConfigDefault is the default config // ConfigDefault is the default config
var ConfigDefault = Config{ var ConfigDefault = Config{
Next: nil, KeyLookup: "header:X-Csrf-Token",
TokenLookup: "header:X-CSRF-Token",
ContextKey: "csrf",
Cookie: &fiber.Cookie{ Cookie: &fiber.Cookie{
Name: "_csrf", Name: "_csrf",
SameSite: "Strict", SameSite: "Strict",
@ -80,17 +83,18 @@ func configDefault(config ...Config) Config {
cfg := config[0] cfg := config[0]
// Set default values // Set default values
if cfg.TokenLookup == "" { if cfg.TokenLookup != "" {
cfg.TokenLookup = ConfigDefault.TokenLookup fmt.Println("[CSRF] TokenLookup is deprecated, please use KeyLookup")
} cfg.KeyLookup = ConfigDefault.TokenLookup
if cfg.ContextKey == "" {
cfg.ContextKey = ConfigDefault.ContextKey
} }
if cfg.CookieExpires != 0 { if cfg.CookieExpires != 0 {
fmt.Println("[CSRF] CookieExpires is deprecated, please use Expiration") fmt.Println("[CSRF] CookieExpires is deprecated, please use Expiration")
cfg.CookieExpires = ConfigDefault.Expiration cfg.Expiration = ConfigDefault.CookieExpires
} }
if cfg.Expiration == 0 { if cfg.KeyLookup == "" {
cfg.KeyLookup = ConfigDefault.KeyLookup
}
if cfg.Expiration <= 0 {
cfg.Expiration = ConfigDefault.Expiration cfg.Expiration = ConfigDefault.Expiration
} }
if cfg.Cookie != nil { if cfg.Cookie != nil {
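Review bot: The deprecated-field fallbacks in configDefault copy from ConfigDefault instead of from the caller's config, so the caller's value is dropped. On what appears to be the new side, `cfg.KeyLookup = ConfigDefault.TokenLookup` and `cfg.Expiration = ConfigDefault.CookieExpires` read fields that ConfigDefault does not set in the visible lines, so both end up empty and the later checks replace them with the package defaults. An application still configuring `TokenLookup` with a non-header source would then have its token looked up under the default header, and a custom `CookieExpires` lifetime would silently become the default expiration. The assignments should be `cfg.KeyLookup = cfg.TokenLookup` and `cfg.Expiration = cfg.CookieExpires`. configDefault starts before and continues after this hunk.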


@ -22,7 +22,7 @@ func New(config ...Config) fiber.Handler {
} }
// Generate the correct extractor to get the token from the correct location // Generate the correct extractor to get the token from the correct location
selectors := strings.Split(cfg.TokenLookup, ":") selectors := strings.Split(cfg.KeyLookup, ":")
if len(selectors) != 2 { if len(selectors) != 2 {
panic("[CSRF] Token lookup must in the form of <source>:<key>") panic("[CSRF] Token lookup must in the form of <source>:<key>")
@ -40,7 +40,7 @@ func New(config ...Config) fiber.Handler {
extractor = csrfFromParam(selectors[1]) extractor = csrfFromParam(selectors[1])
case "cookie": case "cookie":
if selectors[1] == cfg.Cookie.Name { if selectors[1] == cfg.Cookie.Name {
panic(fmt.Sprintf("TokenLookup key %s can't be the same as Cookie.Name %s", selectors[1], cfg.Cookie.Name)) panic(fmt.Sprintf("KeyLookup key %s can't be the same as Cookie.Name %s", selectors[1], cfg.Cookie.Name))
} }
extractor = csrfFromCookie(selectors[1]) extractor = csrfFromCookie(selectors[1])
} }
@ -91,13 +91,15 @@ func New(config ...Config) fiber.Handler {
// Set cookie to response // Set cookie to response
c.Cookie(cookie) c.Cookie(cookie)
// Store token in context
c.Locals(cfg.ContextKey, token)
// Protect clients from caching the response by telling the browser // Protect clients from caching the response by telling the browser
// a new header value is generated // a new header value is generated
c.Vary(fiber.HeaderCookie) c.Vary(fiber.HeaderCookie)
// Store token in context if set
if cfg.ContextKey != "" {
c.Locals(cfg.ContextKey, token)
}
case fiber.MethodPost: case fiber.MethodPost:
// Verify CSRF token // Verify CSRF token
// Extract token from client request i.e. header, query, param, form or cookie // Extract token from client request i.e. header, query, param, form or cookie
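Review bot: The new `if cfg.ContextKey != ""` guard in the GET branch, combined with the removal of the `"csrf"` default in config.go, is a behaviour change rather than a rename. Handlers that read `c.Locals("csrf")` to embed the token in a form will get nil after upgrading unless they set `ContextKey` explicitly. This deserves a line in the commit description or changelog, and a comment at the guard such as `// No default ContextKey: callers must set it to read the token from c.Locals`. The unchanged panic text in the first hunk, `Token lookup must in the form of <source>:<key>`, could also name `KeyLookup` to match the renamed cookie-name panic. New's body starts and ends outside these hunks.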


@ -60,17 +60,17 @@ type Config struct {
// Default: 5 // Default: 5
Max int Max int
// Duration is the time on how long to keep records of requests in memory // KeyGenerator allows you to generate custom keys, by default c.IP() is used
//
// Default: time.Minute
Duration time.Duration
// Key allows you to generate custom keys, by default c.IP() is used
// //
// Default: func(c *fiber.Ctx) string { // Default: func(c *fiber.Ctx) string {
// return c.IP() // return c.IP()
// } // }
Key func(*fiber.Ctx) string KeyGenerator func(*fiber.Ctx) string
// Expiration is the time on how long to keep records of requests in memory
//
// Default: 1 * time.Minute
Expiration time.Duration
// LimitReached is called when a request hits the limit // LimitReached is called when a request hits the limit
// //
@ -79,12 +79,10 @@ type Config struct {
// } // }
LimitReached fiber.Handler LimitReached fiber.Handler
// Store is used to store the state of the middleware. // Store is used to store the state of the middleware
// If no store is supplied, an in-memory store is used. If a store is supplied,
// it must implement the `Storage` interface.
// //
// Default: in memory // Default: an in memory store for this process only
Store Storage Storage fiber.Storage
} }
``` ```
@ -93,10 +91,9 @@ A custom store can be used if it implements the `Storage` interface - more detai
### Default Config ### Default Config
```go ```go
var ConfigDefault = Config{ var ConfigDefault = Config{
Next: nil, Max: 5,
Max: 5, Expiration: 1 * time.Minute,
Duration: time.Minute, KeyGenerator: func(c *fiber.Ctx) string {
Key: func(c *fiber.Ctx) string {
return c.IP() return c.IP()
}, },
LimitReached: func(c *fiber.Ctx) error { LimitReached: func(c *fiber.Ctx) error {


@ -19,12 +19,12 @@ type Config struct {
// Default: 5 // Default: 5
Max int Max int
// Key allows you to generate custom keys, by default c.IP() is used // KeyGenerator allows you to generate custom keys, by default c.IP() is used
// //
// Default: func(c *fiber.Ctx) string { // Default: func(c *fiber.Ctx) string {
// return c.IP() // return c.IP()
// } // }
Key func(*fiber.Ctx) string KeyGenerator func(*fiber.Ctx) string
// Expiration is the time on how long to keep records of requests in memory // Expiration is the time on how long to keep records of requests in memory
// //
@ -48,14 +48,16 @@ type Config struct {
// DEPRECATED, use Storage instead // DEPRECATED, use Storage instead
Store fiber.Storage Store fiber.Storage
// DEPRECATED, use KeyGenerator instead
Key func(*fiber.Ctx) string
} }
// ConfigDefault is the default config // ConfigDefault is the default config
var ConfigDefault = Config{ var ConfigDefault = Config{
Next: nil,
Max: 5, Max: 5,
Expiration: 1 * time.Minute, Expiration: 1 * time.Minute,
Key: func(c *fiber.Ctx) string { KeyGenerator: func(c *fiber.Ctx) string {
return c.IP() return c.IP()
}, },
LimitReached: func(c *fiber.Ctx) error { LimitReached: func(c *fiber.Ctx) error {
@ -74,30 +76,32 @@ func configDefault(config ...Config) Config {
cfg := config[0] cfg := config[0]
// Set default values // Set default values
if cfg.Duration > 0 {
fmt.Println("[LIMITER] Duration is deprecated, please use Expiration")
cfg.Expiration = cfg.Duration
}
if cfg.Key != nil {
fmt.Println("[LIMITER] Key is deprecated, please us KeyGenerator")
cfg.KeyGenerator = cfg.Key
}
if cfg.Store != nil {
fmt.Println("[LIMITER] Store is deprecated, please use Storage")
cfg.Storage = cfg.Store
}
if cfg.Next == nil { if cfg.Next == nil {
cfg.Next = ConfigDefault.Next cfg.Next = ConfigDefault.Next
} }
if cfg.Max <= 0 { if cfg.Max <= 0 {
cfg.Max = ConfigDefault.Max cfg.Max = ConfigDefault.Max
} }
if int(cfg.Duration.Seconds()) <= 0 && int(cfg.Expiration.Seconds()) <= 0 { if cfg.Expiration <= 0 {
cfg.Expiration = ConfigDefault.Expiration cfg.Expiration = ConfigDefault.Expiration
} }
if int(cfg.Duration.Seconds()) > 0 { if cfg.KeyGenerator == nil {
fmt.Println("[LIMITER] Duration is deprecated, please use Expiration") cfg.KeyGenerator = ConfigDefault.KeyGenerator
if cfg.Expiration != ConfigDefault.Expiration {
cfg.Expiration = cfg.Duration
}
}
if cfg.Key == nil {
cfg.Key = ConfigDefault.Key
} }
if cfg.LimitReached == nil { if cfg.LimitReached == nil {
cfg.LimitReached = ConfigDefault.LimitReached cfg.LimitReached = ConfigDefault.LimitReached
} }
if cfg.Store != nil {
fmt.Println("[LIMITER] Store is deprecated, please use Storage")
cfg.Storage = cfg.Store
}
return cfg return cfg
} }
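Review bot: The deprecated fields now win over their replacements at the top of configDefault: `cfg.KeyGenerator = cfg.Key`, `cfg.Expiration = cfg.Duration` and `cfg.Storage = cfg.Store` overwrite whatever the caller put in the new fields. For a rate limiter the key function decides which requests share a bucket, so a config that sets both fields during migration should not silently fall back to the old one. Guard each assignment on the new field being unset, e.g. `if cfg.Key != nil && cfg.KeyGenerator == nil {`. The warning string `please us KeyGenerator` is missing an `e`. configDefault's opening lines are outside the hunk.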