Benjamin Grosse
b1850834a3
fix: don't constrain middlewares' context-keys to strings 🐛 (#2751)
...
* Revert "Revert "🐛 requestid.Config.ContextKey is interface{} (#2369)" (#2742)"
This reverts commit 28be17f929.
* fix: request ContextKey default value condition
Should check for `nil` since it is `any`.
* fix: don't constrain middlewares' context-keys to strings
`context` recommends using "unexported type" as context keys to avoid
collisions https://pkg.go.dev/github.com/gofiber/fiber/v2#Ctx.Locals .
The official go blog also recommends this https://go.dev/blog/context .
`fiber.Ctx.Locals(key any, value any)` correctly allows consumers to
use unexported types or e.g. strings.
But some fiber middlewares constrain their context-keys to `string` in
their "default config structs", making it impossible to use unexported
types.
This PR removes the `string` _constraint_ from all middlewares, allowing
unexported types to now be used as per the official guidelines. However
the default value is still a string, so it's not a breaking change, and
anyone still using strings as context keys is not affected.
2023-12-12 14:55:29 +01:00
Jason McNeil
2374cad3cd
📄 docs: improve csrf docs (#2726)
...
* docs: improve csrf docs
- fix issues with `X-Csrf-Token` capitalization inconsistency.
- reduce redundancy and repetition.
- improve grammar.
* docs: update middleware description
* docs: within vs in
* docs: deleting tokens
* docs: MUST
* docs: add colon
* docs: all modern browsers
* docs: patterns
* docs: improve phrasing of pattern options
2023-11-16 12:34:31 +01:00
Jason McNeil
4bf3695125
📄 docs: enhance csrf.md (#2692)
...
* docs: enhance csrf.md
* docs: simplify language
* docs: update csrf.md
* docs: delete token/session reminders
* docs: and ! or
2023-10-27 13:45:30 +02:00
RW
6f0d34d39e
Update csrf.md
2023-10-16 14:31:28 +02:00
Jason McNeil
8c3916dbf4
Merge pull request from GHSA-94w9-97p3-p368
...
* feat: improved csrf with session support
* fix: double submit cookie
* feat: add warning cookie extractor without session
* feat: add warning CsrfFromCookie SameSite
* fix: use bytes.Equal instead
* fix: Overridden CookieName KeyLookup cookie:<name>
* feat: Create helpers.go
* feat: use compareTokens (constant time compare)
* feat: validate cookie to prevent token injection
* refactor: clean up csrf.go
* docs: update comment about Double Submit Cookie
* docs: update docs for CSRF changes
* feat: add DeleteToken
* refactor: no else
* test: add more tests
* refactor: re-order tests
* docs: update safe methods RFC add note
* test: add CSRF_Cookie_Injection_Exploit
* feat: add SingleUseToken config
* test: check for new token
* docs: use warning
* fix: always register type Token
* feat: use UUIDv4
* test: swap in UUIDv4 here too
* fix: raw token injection
* fix: merge error
* feat: Sentinel errors
* chore: rename test
* fix: url parse
* test: add path to referer
* test: add expiration tests
* docs: add cookie prefix note
* docs: fix typo
* docs: add warning for refer checks
* test: add referer edge cases
And call ctx.Request.Reset() and
ctx.Response.Reset() before re-using ctx.
2023-10-16 09:06:30 +02:00
Jason McNeil
b50d91d58e
Merge pull request from GHSA-94w9-97p3-p368
...
* feat: improved csrf with session support
* fix: double submit cookie
* feat: add warning cookie extractor without session
* feat: add warning CsrfFromCookie SameSite
* fix: use bytes.Equal instead
* fix: Overridden CookieName KeyLookup cookie:<name>
* feat: Create helpers.go
* feat: use compareTokens (constant time compare)
* feat: validate cookie to prevent token injection
* refactor: clean up csrf.go
* docs: update comment about Double Submit Cookie
* docs: update docs for CSRF changes
* feat: add DeleteToken
* refactor: no else
* test: add more tests
* refactor: re-order tests
* docs: update safe methods RFC add note
* test: add CSRF_Cookie_Injection_Exploit
* feat: add SingleUseToken config
* test: check for new token
* docs: use warning
* fix: always register type Token
* feat: use UUIDv4
* test: swap in UUIDv4 here too
2023-10-11 14:41:42 +02:00
René Werner
443804e95d
improved the config section of the middleware readmes
2023-07-24 17:03:11 +02:00
RW
51ea636b60
improved the config section of the middleware readmes (#2552)
2023-07-24 16:46:50 +02:00
cmd777
8b1f9260a3
📚 Docs: Fix typos, and make middleware documentation more consistent (#2408)
...
Fix typos, and make docs more consistent
This fixes several typos in the ISSUE_TEMPLATES, as well as improves
their readability, and also makes the documentation markdowns more
consistent.
2023-04-10 10:48:12 +08:00
René Werner
1f52799686
Refresh middleware documentation
2023-03-24 13:23:52 +01:00
M. Efe Çetin
b3643198f8
📝 docs: automated synchronization with `gofiber/docs` (#2344)
...
Automated Synchronization with gofiber/docs repo
2023-02-25 10:29:07 +01:00