🧽 clean code structure

pull/1009/head
Fenny 2020-11-11 21:44:37 +01:00
parent b29d500fc0
commit ec8fdb32de
1 changed files with 18 additions and 19 deletions


@ -49,29 +49,29 @@ func New(config ...Config) fiber.Handler {
dummyVal := []byte{'+'} dummyVal := []byte{'+'}
// Return new handler // Return new handler
return func(c *fiber.Ctx) error { return func(c *fiber.Ctx) (err error) {
// Don't execute middleware if Next returns true // Don't execute middleware if Next returns true
if cfg.Next != nil && cfg.Next(c) { if cfg.Next != nil && cfg.Next(c) {
return c.Next() return c.Next()
} }
var token string
// Action depends on the HTTP method // Action depends on the HTTP method
switch c.Method() { switch c.Method() {
case fiber.MethodGet: case fiber.MethodGet:
// Generate CSRF token if not exist // Generate CSRF token if not exist
// Declare empty token and try to get existing CSRF from cookie // Declare empty token and try to get existing CSRF from cookie
token, key := "", c.Cookies(cfg.Cookie.Name) token = c.Cookies(cfg.Cookie.Name)
// Do we have an existing CSRF token? // Do we have an existing CSRF token?
if key != "" { if token == "" {
token = key
} else {
// Generate new CSRF token // Generate new CSRF token
token = cfg.KeyGenerator() token = cfg.KeyGenerator()
// Add token to Storage // Add token to Storage
if err := cfg.Storage.Set(token, dummyVal, cfg.Expiration); err != nil { if err = cfg.Storage.Set(token, dummyVal, cfg.Expiration); err != nil {
fmt.Println("[CSRF]", err.Error()) fmt.Println("[CSRF]", err.Error())
} }
} }
@ -90,27 +90,17 @@ func New(config ...Config) fiber.Handler {
// Set cookie to response // Set cookie to response
c.Cookie(cookie) c.Cookie(cookie)
// Protect clients from caching the response by telling the browser
// a new header value is generated
c.Vary(fiber.HeaderCookie)
// Store token in context if set
if cfg.ContextKey != "" {
c.Locals(cfg.ContextKey, token)
}
case fiber.MethodPost, fiber.MethodDelete, fiber.MethodPatch, fiber.MethodPut: case fiber.MethodPost, fiber.MethodDelete, fiber.MethodPatch, fiber.MethodPut:
// Verify CSRF token // Verify CSRF token
// Extract token from client request i.e. header, query, param, form or cookie // Extract token from client request i.e. header, query, param, form or cookie
csrf, err := extractor(c) token, err = extractor(c)
if err != nil { if err != nil {
return fiber.ErrForbidden return fiber.ErrForbidden
} }
// We have a problem extracting the csrf token from Storage // We have a problem extracting the csrf token from Storage
if _, err = cfg.Storage.Get(csrf); err != nil { if _, err = cfg.Storage.Get(token); err != nil {
// The token is invalid, let client generate a new one // The token is invalid, let client generate a new one
if err = cfg.Storage.Delete(csrf); err != nil { if err = cfg.Storage.Delete(token); err != nil {
fmt.Println("[CSRF]", err.Error()) fmt.Println("[CSRF]", err.Error())
} }
// Expire cookie // Expire cookie
@ -127,6 +117,15 @@ func New(config ...Config) fiber.Handler {
} }
} }
// Protect clients from caching the response by telling the browser
// a new header value is generated
c.Vary(fiber.HeaderCookie)
// Store token in context if set
if cfg.ContextKey != "" {
c.Locals(cfg.ContextKey, token)
}
// Continue stack // Continue stack
return c.Next() return c.Next()
} }
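Review bot: In the POST/DELETE/PATCH/PUT branch, the token is accepted or rejected only on the error from `cfg.Storage.Get(token)`, and the stored value is discarded. The Storage interface is not visible on this page, but if a backend reports a missing or expired key as an empty value with a nil error, any token the client sends would pass verification. Since a stored token always carries the non-empty `dummyVal`, the check could also require a value, for example `if val, getErr := cfg.Storage.Get(token); getErr != nil || len(val) == 0 {`. Separately, moving `c.Locals(cfg.ContextKey, token)` below the switch means it now also runs for the unsafe methods with the client-supplied token. The rejection path after "Expire cookie" lies between the hunks, so please confirm it returns before that shared tail and add a short comment there saying so.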