nickajacks1
97da409533
🎨 Style!: Update CSRF and Limiter to remove repetitive names (#2846)
...
chore!: Update CSRF and Limiter to remove repetitive names
The `exported` rule of revive warns to not repeat the package name in
method names. For example, prefer `csrf.FromCookie` over
`csrf.CsrfFromCookie`.
This is a breaking change for v3.
It appears that these issues will not be caught by the linter until the
`exported` rule is reenabled. This requires comments on all exported
symbols, which is a much broader effort.
2024-02-10 19:50:29 +01:00
nickajacks1
59410278f1
chore: change interface{} to any (#2796)
2024-01-14 23:04:54 +03:00
Jason McNeil
2954e3bbae
♻️ v3: fix!: ContextKey collisions (#2781)
...
* fix: ContextKey collisions
* fix(logger): lint error
* docs(csrf): fix potential range error in example
2024-01-04 09:44:45 +01:00
Muhammed Efe Cetin
f37238e494
v3: fix CSRF tests and linter warnings
2023-11-07 20:37:57 +03:00
Muhammed Efe Cetin
6ea4d81331
Merge branch 'master' into v3-beta
2023-11-07 20:22:31 +03:00
Jason McNeil
8c3916dbf4
Merge pull request from GHSA-94w9-97p3-p368
...
* feat: improved csrf with session support
* fix: double submit cookie
* feat: add warning cookie extractor without session
* feat: add warning CsrfFromCookie SameSite
* fix: use bytes.Equal instead
* fix: Overridden CookieName KeyLookup cookie:<name>
* feat: Create helpers.go
* feat: use compareTokens (constant time compare)
* feat: validate cookie to prevent token injection
* refactor: clean up csrf.go
* docs: update comment about Double Submit Cookie
* docs: update docs for CSRF changes
* feat: add DeleteToken
* refactor: no else
* test: add more tests
* refactor: re-order tests
* docs: update safe methods RFC add note
* test: add CSRF_Cookie_Injection_Exploit
* feat: add SingleUseToken config
* test: check for new token
* docs: use warning
* fix: always register type Token
* feat: use UUIDv4
* test: swap in UUIDv4 here too
* fix: raw token injection
* fix: merge error
* feat: Sentinel errors
* chore: rename test
* fix: url parse
* test: add path to referer
* test: add expiration tests
* docs: add cookie prefix note
* docs: fix typo
* docs: add warning for refer checks
* test: add referer edge cases
And call ctx.Request.Reset() and
ctx.Response.Reset() before re-using ctx.
2023-10-16 09:06:30 +02:00
Jason McNeil
b50d91d58e
Merge pull request from GHSA-94w9-97p3-p368
...
* feat: improved csrf with session support
* fix: double submit cookie
* feat: add warning cookie extractor without session
* feat: add warning CsrfFromCookie SameSite
* fix: use bytes.Equal instead
* fix: Overridden CookieName KeyLookup cookie:<name>
* feat: Create helpers.go
* feat: use compareTokens (constant time compare)
* feat: validate cookie to prevent token injection
* refactor: clean up csrf.go
* docs: update comment about Double Submit Cookie
* docs: update docs for CSRF changes
* feat: add DeleteToken
* refactor: no else
* test: add more tests
* refactor: re-order tests
* docs: update safe methods RFC add note
* test: add CSRF_Cookie_Injection_Exploit
* feat: add SingleUseToken config
* test: check for new token
* docs: use warning
* fix: always register type Token
* feat: use UUIDv4
* test: swap in UUIDv4 here too
2023-10-11 14:41:42 +02:00
Muhammed Efe Çetin
088cde594d
Merge remote-tracking branch 'origin/master' into v3-beta
2023-02-05 23:43:42 +03:00
leonklingele
167a8b5e94
🚀 Feature: Add and apply stricter golangci-lint linting rules (#2286)
...
* golangci-lint: add and apply stricter linting rules
* github: drop security workflow now that we use gosec linter inside golangci-lint
* github: use official golangci-lint CI linter
* Add editorconfig and gitattributes file
2023-01-27 09:01:37 +01:00
Muhammed Efe Çetin
319b8ea3a8
Merge remote-tracking branch 'origin/master' into v3-beta
2022-09-03 23:56:45 +03:00
Jason McNeil
6272d759eb
🚀 [Feature]: middleware/csrf custom extractor (#2052)
...
* feat(middleware/csrf): allow custom Extractor
* test: update Test_CSRF_From_Custom
* docs: add comma
* docs: update KeyLookup docs
2022-08-28 18:57:47 +02:00
M. Efe Çetin
a458bd344c
✨ v3 (feature): convert fiber.Ctx type to interface (#1928)
...
* ✨ v3: convert fiber.Ctx type to interface
* update ctx methods
* add new methods to customize ctx, fix some problems
* update comments.
* fix something
2022-07-13 07:48:29 +02:00
Muhammed Efe Çetin
1188144d78
🎉 v3: init
2022-05-31 17:35:49 +03:00
Abhishek Mehandiratta
68fcd8c88f
Feature: Session Only Cookies (#1752)
...
* feat(ctx): add SessionOnly property on Cookie struct
* feat(middleware/config): add CookieSessionOnly property on middleware Config struct
* feat(csrf): link config CookieSessionOnly with fiber.Cookie in create middleware function
* fix(ctx_test): add tests for SessionOnly cookie in test_ctx_cookie
* fix(readme): update readme in csrf middleware for CookieSessionOnly property
* remove deprecated property from CookieSessionOnly explanation comments
2022-02-07 13:35:00 +01:00
Jason McNeil
59e4bf6cc5
🔧 fix(middleware/csrf): unmatched token returns nil error (#1667)
...
* Update csrf.go
* Update csrf_test.go
* fix(middleware/csrf): missing token return and unit test
* Update csrf_test.go
2021-12-29 02:13:20 +01:00
hi019
13f0d5bb61
Remove global variable
2021-03-09 09:29:47 -05:00
hi019
b31953ab8d
Revert "Remove global variable"
...
This reverts commit 2d4d2f7c
2021-03-01 16:38:56 -05:00
hi019
2d4d2f7c47
Remove global variable
2021-03-01 16:30:04 -05:00
hi019
86e43593cd
CSRF MW Restructuring
2021-03-01 16:25:32 -05:00
Jason McNeil
53e5dc523e
🩹 Fix: CSRF middleware cookie<>storage bug squashed and other improvements (#1180)
...
* expire cookie on Post, Delete, Patch and Put
Cookie should always expire on Post, Delete, Patch and Put as it is either valid and will be removed from storage, or is not in storage and invalid
* token and cookie match
* retrigger checks
* csrf tests
* csrf per session strategy
2021-03-01 17:44:17 +01:00
hinoguma
19e6a4429d
add custom error func for csrf middleware
2021-01-23 03:45:47 +09:00
amalshaji
86f258c4ae
fixed cookie error in csrf.go
2020-12-10 10:45:21 +05:30
Fenny
323d9d89cc
🩹 fix manager logic
2020-11-23 07:38:42 +01:00
Fenny
9be8eedcc6
🩹 fix cache mw
...
Co-Authored-By: RW <7063188+ReneWerner87@users.noreply.github.com>
2020-11-17 13:03:18 +01:00
Fenny
6338ce855c
🩹 fix csrf test
2020-11-14 03:09:53 +01:00
Fenny
ef35d00a79
🦺 simplify session config
2020-11-11 23:51:32 +01:00
Fenny
ec8fdb32de
🧽 clean code structure
2020-11-11 21:44:37 +01:00
Fenny
b29d500fc0
🩹 verify csrf on state changing methods
2020-11-11 21:39:22 +01:00
Fenny
ce897c0b66
🩹 fix tests
2020-11-11 18:34:46 +01:00
Fenny
66ee4de7d8
🕊 rename token to key
2020-11-11 18:19:53 +01:00
Fenny
1bd7b1b15b
✏ fix typo
2020-11-11 16:41:26 +01:00
Fenny
053dfd383d
🩹 fix csrf middleware
2020-11-11 15:25:35 +01:00
Fenny
8bd50de610
🧹 housekeeping
2020-11-11 13:54:27 +01:00
kiyon
d8e763e366
🩹 Keep csrf token per session
2020-10-27 12:15:51 +08:00
kiyon
5ea5bbfd44
👷 Improve csrf middleware
...
- Skip non GET/POST http method
- Delete token if matched
- Use cfg.Expiration instead of cfg.CookieExpires
2020-10-24 10:19:40 +08:00
Joey B
b1d19f4a21
Merge pull request #958 from Fenny/master
...
🩹 add memory storage for csrf
2020-10-23 16:01:28 -07:00
Fenny
9f2c0691b0
🩹 fix test cases
2020-10-24 01:00:09 +02:00
Fenny
3f7b80e9a6
✏ fix typo
2020-10-24 00:19:38 +02:00
Fenny
d3cf0e55e7
🩹 add memory storage for csrf
2020-10-24 00:18:25 +02:00
hi019
25db10b220
📝 Correct CSRF comment
2020-10-23 17:20:25 -04:00
hi019
1fe6d3b25d
Use default values for cookie fields
2020-10-03 10:52:06 -04:00
hi019
4898778e28
🐛 Move cookie expires outside of if
2020-10-03 10:50:29 -04:00
hi019
867f2fc0a8
🐛 Fix passing partial cookie to csrf.New
2020-10-03 10:41:14 -04:00
Fenny
4ed6fff7b3
🍪 fix typo
2020-09-30 15:55:21 +02:00
Fenny
ba3d08ef6d
🍪 csrf default to Strict if left empty in config
2020-09-30 15:55:01 +02:00
Fenny
d6f717148a
🛠 correct convert naming
2020-09-27 12:22:17 +02:00
Fenny
9d10f0e5b6
📦 set csrf same-site to strict
2020-09-25 00:42:51 +02:00
Fenny
b94f238b83
🍪 default cookie name
2020-09-24 21:12:52 +02:00
Fenny
c2554d7969
🍪 allow SameSite option
2020-09-24 21:08:10 +02:00
Fenny
ebe107d54f
📘 add csrf readme
2020-09-16 15:36:33 +02:00