diff options
Diffstat (limited to 'csrf')
| -rw-r--r-- | csrf/csrf.go | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/csrf/csrf.go b/csrf/csrf.go new file mode 100644 index 0000000..18fdb81 --- /dev/null +++ b/csrf/csrf.go @@ -0,0 +1,31 @@ +package csrf + +import ( + "html/template" + "net/http" + + "github.com/gorilla/csrf" + "github.com/gorilla/securecookie" +) + +func Handler() func(http.Handler) http.Handler { + return csrf.Protect( + securecookie.GenerateRandomKey(32), + csrf.SameSite(csrf.SameSiteStrictMode), + csrf.FieldName("csrf.csrffield"), // should match the structure in `Csrf` + ) +} + +// Csrf handles the CSRF data for a form. +// Include it verbatim and then use `{{.CsrfField}}` in templates. +type Csrf struct { + CsrfField template.HTML `form:"-" schema:"-"` +} + +func (c *Csrf) SetCsrfField(r *http.Request) { + c.CsrfField = csrf.TemplateField(r) +} + +type Enabled interface { + SetCsrfField(r *http.Request) +} |