Jason McNeil
2954e3bbae
♻️ v3: fix!: ContextKey collisions (#2781)
...
* fix: ContextKey collisions
* fix(logger): lint error
* docs(csrf): fix potential range error in example
2024-01-04 09:44:45 +01:00
Muhammed Efe Cetin
6ea4d81331
Merge branch 'master' into v3-beta
2023-11-07 20:22:31 +03:00
Jason McNeil
8c3916dbf4
Merge pull request from GHSA-94w9-97p3-p368
...
* feat: improved csrf with session support
* fix: double submit cookie
* feat: add warning cookie extractor without session
* feat: add warning CsrfFromCookie SameSite
* fix: use bytes.Equal instead
* fix: Overridden CookieName KeyLookup cookie:<name>
* feat: Create helpers.go
* feat: use compareTokens (constant time compare)
* feat: validate cookie to prevent token injection
* refactor: clean up csrf.go
* docs: update comment about Double Submit Cookie
* docs: update docs for CSRF changes
* feat: add DeleteToken
* refactor: no else
* test: add more tests
* refactor: re-order tests
* docs: update safe methods RFC add note
* test: add CSRF_Cookie_Injection_Exploit
* feat: add SingleUseToken config
* test: check for new token
* docs: use warning
* fix: always register type Token
* feat: use UUIDv4
* test: swap in UUIDv4 here too
* fix: raw token injection
* fix: merge error
* feat: Sentinel errors
* chore: rename test
* fix: url parse
* test: add path to referer
* test: add expiration tests
* docs: add cookie prefix note
* docs: fix typo
* docs: add warning for referer checks
* test: add referer edge cases
And call ctx.Request.Reset() and
ctx.Response.Reset() before re-using ctx.
2023-10-16 09:06:30 +02:00
Jason McNeil
b50d91d58e
Merge pull request from GHSA-94w9-97p3-p368
...
* feat: improved csrf with session support
* fix: double submit cookie
* feat: add warning cookie extractor without session
* feat: add warning CsrfFromCookie SameSite
* fix: use bytes.Equal instead
* fix: Overridden CookieName KeyLookup cookie:<name>
* feat: Create helpers.go
* feat: use compareTokens (constant time compare)
* feat: validate cookie to prevent token injection
* refactor: clean up csrf.go
* docs: update comment about Double Submit Cookie
* docs: update docs for CSRF changes
* feat: add DeleteToken
* refactor: no else
* test: add more tests
* refactor: re-order tests
* docs: update safe methods RFC add note
* test: add CSRF_Cookie_Injection_Exploit
* feat: add SingleUseToken config
* test: check for new token
* docs: use warning
* fix: always register type Token
* feat: use UUIDv4
* test: swap in UUIDv4 here too
2023-10-11 14:41:42 +02:00
Muhammed Efe Çetin
088cde594d
Merge remote-tracking branch 'origin/master' into v3-beta
2023-02-05 23:43:42 +03:00
leonklingele
167a8b5e94
🚀 Feature: Add and apply stricter golangci-lint linting rules (#2286)
...
* golangci-lint: add and apply stricter linting rules
* github: drop security workflow now that we use gosec linter inside golangci-lint
* github: use official golangci-lint CI linter
* Add editorconfig and gitattributes file
2023-01-27 09:01:37 +01:00
M. Efe Çetin
5406560033
🧹 chore: make most tests parallel (#2299)
...
* 🧹 chore: make most tests parallel
* revert some tests
* revert some tests
* revert some tests
2023-01-15 23:21:37 +08:00
Kris Carr
f26d9b1d4e
v3 (deps): update to use gofiber/utils/v2 (#2184)
2022-10-31 16:44:53 +03:00
Muhammed Efe Çetin
ca6f25a890
➕ v3 (deps): move `utils` to `https://github.com/gofiber/utils`
2022-09-23 21:19:44 +03:00
Muhammed Efe Çetin
319b8ea3a8
Merge remote-tracking branch 'origin/master' into v3-beta
2022-09-03 23:56:45 +03:00
RW
ec96d161a0
Fix csrf middleware behavior with header key lookup (#2063)
...
* 🐛 [Bug]: Strange CSRF middleware behavior with header KeyLookup configuration #2045
2022-08-30 14:48:31 +02:00
Jason McNeil
6272d759eb
🚀 [Feature]: middleware/csrf custom extractor (#2052)
...
* feat(middleware/csrf): allow custom Extractor
* test: update Test_CSRF_From_Custom
* docs: add comma
* docs: update KeyLookup docs
2022-08-28 18:57:47 +02:00
Trim21
c964fda009
v3(tests): use testify for assertion (#2036)
...
* replace
* write
* rewrite more
* rewrite
* rewrite
* fix
* rewrite
2022-08-22 07:57:10 +02:00
M. Efe Çetin
a458bd344c
✨ v3 (feature): convert fiber.Ctx type to interface (#1928)
...
* ✨ v3: convert fiber.Ctx type to interface
* update ctx methods
* add new methods to customize ctx, fix some problems
* update comments.
* fix something
2022-07-13 07:48:29 +02:00
Muhammed Efe Çetin
1188144d78
🎉 v3: init
2022-05-31 17:35:49 +03:00
Jason McNeil
59e4bf6cc5
🔧 fix(middleware/csrf): unmatched token returns nil error (#1667)
...
* Update csrf.go
* Update csrf_test.go
* fix(middleware/csrf): missing token return and unit test
* Update csrf_test.go
2021-12-29 02:13:20 +01:00
Gusted
7b7dcf29f7
♻️ Tidy up the codebase (#1613)
...
* run gofmt
* add t.Helper()
* Simplify assigns
* Simplify make operation
* Remove unused field in struct
* Fix typo
* Run gofumpt ./
* Consistent spacing
* len(...) can never be negative
* Use ReplaceAll
* Simplify operation
* Remove deadcode
* Fix typo
* Tidy up `} else { if ...`
* Fix AssertEqual
* Remove t.Helper() to fix go1.14.15
2021-11-05 08:00:03 +01:00
Jason McNeil
53e5dc523e
🩹 Fix: CSRF middleware cookie<>storage bug squashed and other improvements (#1180)
...
* expire cookie on Post, Delete, Patch and Put
Cookie should always expire on Post, Delete, Patch and Put as it is either valid and will be removed from storage, or is not in storage and invalid
* token and cookie match
* retrigger checks
* csrf tests
* csrf per session strategy
2021-03-01 17:44:17 +01:00
hinoguma
1ad5a618cb
make default handler private. fix testcase for invalid token and empty token.
2021-01-23 12:39:27 +09:00
hinoguma
19e6a4429d
add custom error func for csrf middleware
2021-01-23 03:45:47 +09:00
Fenny
ce897c0b66
🩹 fix tests
2020-11-11 18:34:46 +01:00
Fenny
053dfd383d
🩹 fix csrf middleware
2020-11-11 15:25:35 +01:00
Fenny
9f2c0691b0
🩹 fix test cases
2020-10-24 01:00:09 +02:00
kiyon
616ff8f532
👷 remove unnecessary fiber app config
2020-09-17 13:41:06 +08:00
kiyon
0ad36c7526
👷 improve csrf mw test cases
...
Co-authored-by: Rene rene@gofiber.io
2020-09-16 15:17:17 +08:00
kiyon
3cedf2dc3e
👷 improve csrf mw test cases
2020-09-16 11:15:10 +08:00
kiyon
e13411e184
👷 improve mw test cases
...
add Next test case
2020-09-16 09:44:05 +08:00
Fenny
2768ea2a77
🙌 make utils public
...
Co-Authored-By: RW <7063188+ReneWerner87@users.noreply.github.com>
2020-09-14 12:12:29 +02:00
Fenny
a3cac71ae8
🔦 move utils to internal
2020-09-14 09:09:06 +02:00
Fenny
b8cb100e28
⚡ v2
2020-09-14 05:47:17 +02:00
Fenny
ec5d66e7a8
⚡ v2
2020-09-13 11:20:11 +02:00