// Package csrf provides Cross-Site Request Forgery (CSRF) protection
// with session-based token storage and form helpers.
//
// # Basic Usage
//
// // Generate token and store in session
// token := csrf.GenerateToken(ctx, authManager)
//
// // In templates - generate hidden input field
// hiddenField := csrf.HiddenField(ctx, authManager)
//
// // Verify form submission
// if !csrf.ValidateToken(ctx, authManager, formToken) {
// // Validation failed: reject the request (for example with 403 Forbidden) and do not process the form
// }
//
// # Middleware Integration
//
// // Add CSRF middleware to the routes that need protection, i.e. every handler that changes state
// r.Use(middleware.CSRF(authManager))
//
// # Security Features
//
// - Cryptographically secure token generation
// - Session-based token storage and validation
// - Automatic token rotation on successful validation (re-render forms afterwards so they submit the current token)
// - Protection against timing attacks with constant-time comparison
// - Integration with existing authentication system
package csrf