mirror of
https://github.com/gofiber/fiber.git
synced 2025-05-31 11:52:41 +00:00
b50d91d58e
* feat: improved csrf with session support * fix: double submit cookie * feat: add warning cookie extractor without session * feat: add warning CsrfFromCookie SameSite * fix: use byes.Equal instead * fix: Overriden CookieName KeyLookup cookie:<name> * feat: Create helpers.go * feat: use compareTokens (constant time compare) * feat: validate cookie to prevent token injection * refactor: clean up csrf.go * docs: update comment about Double Submit Cookie * docs: update docs for CSRF changes * feat: add DeleteToken * refactor: no else * test: add more tests * refactor: re-order tests * docs: update safe methods RCF add note * test: add CSRF_Cookie_Injection_Exploit * feat: add SingleUseToken config * test: check for new token * docs: use warning * fix: always register type Token * feat: use UUIDv4 * test: swap in UUIDv4 here too
91 lines
1.7 KiB
Go
91 lines
1.7 KiB
Go
package csrf
|
|
|
|
// Code generated by github.com/tinylib/msgp DO NOT EDIT.
|
|
|
|
import (
|
|
"github.com/tinylib/msgp/msgp"
|
|
)
|
|
|
|
// DecodeMsg implements msgp.Decodable
|
|
func (z *item) DecodeMsg(dc *msgp.Reader) (err error) {
|
|
var field []byte
|
|
_ = field
|
|
var zb0001 uint32
|
|
zb0001, err = dc.ReadMapHeader()
|
|
if err != nil {
|
|
err = msgp.WrapError(err)
|
|
return
|
|
}
|
|
for zb0001 > 0 {
|
|
zb0001--
|
|
field, err = dc.ReadMapKeyPtr()
|
|
if err != nil {
|
|
err = msgp.WrapError(err)
|
|
return
|
|
}
|
|
switch msgp.UnsafeString(field) {
|
|
default:
|
|
err = dc.Skip()
|
|
if err != nil {
|
|
err = msgp.WrapError(err)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
return
|
|
}
|
|
|
|
// EncodeMsg implements msgp.Encodable
|
|
func (z item) EncodeMsg(en *msgp.Writer) (err error) {
|
|
// map header, size 0
|
|
err = en.Append(0x80)
|
|
if err != nil {
|
|
return
|
|
}
|
|
return
|
|
}
|
|
|
|
// MarshalMsg implements msgp.Marshaler
|
|
func (z item) MarshalMsg(b []byte) (o []byte, err error) {
|
|
o = msgp.Require(b, z.Msgsize())
|
|
// map header, size 0
|
|
o = append(o, 0x80)
|
|
return
|
|
}
|
|
|
|
// UnmarshalMsg implements msgp.Unmarshaler
|
|
func (z *item) UnmarshalMsg(bts []byte) (o []byte, err error) {
|
|
var field []byte
|
|
_ = field
|
|
var zb0001 uint32
|
|
zb0001, bts, err = msgp.ReadMapHeaderBytes(bts)
|
|
if err != nil {
|
|
err = msgp.WrapError(err)
|
|
return
|
|
}
|
|
for zb0001 > 0 {
|
|
zb0001--
|
|
field, bts, err = msgp.ReadMapKeyZC(bts)
|
|
if err != nil {
|
|
err = msgp.WrapError(err)
|
|
return
|
|
}
|
|
switch msgp.UnsafeString(field) {
|
|
default:
|
|
bts, err = msgp.Skip(bts)
|
|
if err != nil {
|
|
err = msgp.WrapError(err)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
o = bts
|
|
return
|
|
}
|
|
|
|
// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
|
|
func (z item) Msgsize() (s int) {
|
|
s = 1
|
|
return
|
|
}
|