fiber Architecture Docs
Home / Function/ Test_CSRF() — fiber Function Reference

Test_CSRF() — fiber Function Reference

Architecture documentation for the Test_CSRF() function in csrf_test.go from the fiber codebase.

Function go FiberMiddleware Security

Entity Profile

Dependency Diagram

graph TD
  433f9ec8_8cd0_47df_91f0_cae736ad2982["Test_CSRF()"]
  306a0c68_f5a5_b368_f37a_1419425a8fea["csrf_test.go"]
  433f9ec8_8cd0_47df_91f0_cae736ad2982 -->|defined in| 306a0c68_f5a5_b368_f37a_1419425a8fea
  style 433f9ec8_8cd0_47df_91f0_cae736ad2982 fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

middleware/csrf/csrf_test.go lines 197–251

func Test_CSRF(t *testing.T) {
	t.Parallel()
	app := fiber.New()

	app.Use(New())

	app.Post("/", func(c fiber.Ctx) error {
		return c.SendStatus(fiber.StatusOK)
	})

	h := app.Handler()
	ctx := &fasthttp.RequestCtx{}

	methods := [4]string{fiber.MethodGet, fiber.MethodHead, fiber.MethodOptions, fiber.MethodTrace}

	for _, method := range methods {
		// Generate CSRF token
		ctx.Request.Header.SetMethod(method)
		h(ctx)

		// Without CSRF cookie
		ctx.Request.Header.Reset()
		ctx.Request.ResetBody()
		ctx.Response.Reset()
		ctx.Request.Header.SetMethod(fiber.MethodPost)
		h(ctx)
		require.Equal(t, 403, ctx.Response.StatusCode())

		// Invalid CSRF token
		ctx.Request.Header.Reset()
		ctx.Request.ResetBody()
		ctx.Response.Reset()
		ctx.Request.Header.SetMethod(fiber.MethodPost)
		ctx.Request.Header.Set(HeaderName, "johndoe")
		h(ctx)
		require.Equal(t, 403, ctx.Response.StatusCode())

		// Valid CSRF token
		ctx.Request.Header.Reset()
		ctx.Request.ResetBody()
		ctx.Response.Reset()
		ctx.Request.Header.SetMethod(method)
		h(ctx)
		token := string(ctx.Response.Header.Peek(fiber.HeaderSetCookie))
		token = strings.Split(strings.Split(token, ";")[0], "=")[1]

		ctx.Request.Reset()
		ctx.Response.Reset()
		ctx.Request.Header.SetMethod(fiber.MethodPost)
		ctx.Request.Header.Set(HeaderName, token)
		ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
		h(ctx)
		require.Equal(t, 200, ctx.Response.StatusCode())
	}
}

Domain

Subdomains

Defined In

Source

Frequently Asked Questions

What does Test_CSRF() do?
Test_CSRF() is a function in the fiber codebase, defined in middleware/csrf/csrf_test.go.
Where is Test_CSRF() defined?
Test_CSRF() is defined in middleware/csrf/csrf_test.go at line 197.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free