csrf.go — fiber Source File

Architecture documentation for csrf.go, a go file in the fiber codebase. 1 imports, 0 dependents.

File go FiberMiddleware Security 1 imports 12 functions 4 classes

Entity Profile

FiberMiddleware→ Security→ csrf.go — fiber Source File

Dependency Diagram

graph LR
  57b9eed3_6274_c073_f0db_e3c30b2a59fe["csrf.go"]
  fcef1725_af89_d6cd_36cd_b228cdcc5acd["errors"]
  57b9eed3_6274_c073_f0db_e3c30b2a59fe --> fcef1725_af89_d6cd_36cd_b228cdcc5acd
  style 57b9eed3_6274_c073_f0db_e3c30b2a59fe fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

package csrf

import (
	"errors"
	"fmt"
	"net/url"
	"slices"
	"strings"
	"time"

	"github.com/gofiber/fiber/v3"
	"github.com/gofiber/fiber/v3/extractors"
	"github.com/gofiber/utils/v2"
)

var (
	ErrTokenNotFound    = errors.New("csrf: token not found")
	ErrTokenInvalid     = errors.New("csrf: token invalid")
	ErrFetchSiteInvalid = errors.New("csrf: sec-fetch-site header invalid")
	ErrRefererNotFound  = errors.New("csrf: referer header missing")
	ErrRefererInvalid   = errors.New("csrf: referer header invalid")
	ErrRefererNoMatch   = errors.New("csrf: referer does not match host or trusted origins")
	ErrOriginInvalid    = errors.New("csrf: origin header invalid")
	ErrOriginNoMatch    = errors.New("csrf: origin does not match host or trusted origins")
	errOriginNotFound   = errors.New("origin not supplied or is null") // internal error, will not be returned to the user
	dummyValue          = []byte{'+'}                                  // dummyValue is a placeholder value stored in token storage. The actual token validation relies on the key, not this value.

)

// Handler for CSRF middleware
type Handler struct {
	sessionManager *sessionManager
	storageManager *storageManager
	config         Config
}

// The contextKey type is unexported to prevent collisions with context keys defined in
// other packages.
type contextKey int

// The keys for the values in context
const (
	tokenKey contextKey = iota
	handlerKey
)

// New creates a new middleware handler
func New(config ...Config) fiber.Handler {
	// Set default config
	cfg := configDefault(config...)

	redactKeys := !cfg.DisableValueRedaction

	maskValue := func(value string) string {
		if redactKeys {
			return redactedKey
		}
		return value
	}

// ... (340 more lines)

Domain

FiberMiddleware

Subdomains

Security

Functions

Classes

Types

Dependencies

errors

Source

View on GitHub

Frequently Asked Questions

What does csrf.go do?

csrf.go is a source file in the fiber codebase, written in go. It belongs to the FiberMiddleware domain, Security subdomain.

What functions are defined in csrf.go?

csrf.go defines 12 function(s): HandlerFromContext, New, TokenFromContext, createOrExtendTokenInStorage, deleteTokenFromStorage, expireCSRFCookie, getRawFromStorage, originMatchesHost, refererMatchesHost, setCSRFCookie, and 2 more.

What does csrf.go depend on?

csrf.go imports 1 module(s): errors.

Where is csrf.go in the architecture?

csrf.go is located at middleware/csrf/csrf.go (domain: FiberMiddleware, subdomain: Security, directory: middleware/csrf).

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free