gin-csrf

CSRF protection middleware for Gin. This middleware has to be used with gin-contrib/sessions.

Original credit to tommy351 and utrack

What did I make?

The following conditions update the CSRF token:

  1. every ignored method (e.g. "GET", "HEAD", ...)
  2. the submitted token is valid
  3. the session has no CSRF salt yet

Added whitelist URLs and blacklist URLs:
whitelisted URLs are unconditionally valid.
blacklisted URLs skip the "IgnoreMethods" condition and are always verified.

Installation

$ go get github.com/utrack/gin-csrf

Usage

package main

import (
    "github.com/gin-contrib/sessions"
    "github.com/gin-contrib/sessions/cookie"
    "github.com/gin-gonic/gin"
    "github.com/utrack/gin-csrf"
)

func main() {
    r := gin.Default()
    // gin-csrf keeps its per-session salt in the gin-contrib/sessions session,
    // so the sessions middleware must be registered before the CSRF middleware.
    store := cookie.NewStore([]byte("cookie_secret"))
    r.Use(sessions.Sessions("session_name_in_cookie", store))
    r.Use(csrf.Middleware(csrf.Options{
        Secret: "csrf_secret",
        ErrorFunc: func(c *gin.Context) {
            c.String(400, "CSRF token mismatch")
            c.Abort()
        },
    }))

    // GET hands the token to the client; POST is only reached when the token matches.
    r.GET("/protected", func(c *gin.Context) {
        c.String(200, csrf.GetToken(c))
    })

    r.POST("/protected", func(c *gin.Context) {
        c.String(200, "CSRF token is valid")
    })

    r.Run(":8080")
}
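To make the rules under "What did I make?" and the usage above concrete, here is an added, self-contained Go example that is not the fork's code: it re-implements the same policy on the standard library, with an in-memory salt map in place of gin-contrib/sessions and HMAC-SHA256 in place of the library's own token derivation, so it runs without Gin. The Options field names, the map form, the X-CSRF-TOKEN request and response headers, the "sid" cookie and the /admin and /public paths are this example's assumptions; whitelisted paths are taken to leave the salt untouched, which the README does not state.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"net/http"
	"sync"
)

// Options mirrors the README's settings; the names and map form are this example's own.
type Options struct {
	Secret        string
	IgnoreMethods map[string]bool  // skip verification and refresh the salt
	Whitelist     map[string]bool  // paths accepted unconditionally
	Blacklist     map[string]bool  // paths verified regardless of method
	ErrorFunc     http.HandlerFunc // runs on a missing or mismatched token
}

// Middleware keeps one salt per session cookie, standing in for gin-contrib/sessions.
type Middleware struct {
	opts  Options
	mu    sync.Mutex
	salts map[string]string // session id -> salt
}

func randomHex(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Token derives the CSRF token from the session salt and the server secret
// (HMAC-SHA256 here; the library's own derivation may differ).
func Token(secret, salt string) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte(salt))
	return hex.EncodeToString(mac.Sum(nil))
}

// Handler applies the README's rules (whitelist always passes, blacklist is always
// verified, ignored methods skip verification elsewhere) and refreshes the salt on an
// ignored method, after a valid token, or when the session had no salt yet. The
// current token goes out in the X-CSRF-TOKEN response header, standing in for GetToken.
func (m *Middleware) Handler(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var id string // session id from the "sid" cookie, or a new session
		if c, err := r.Cookie("sid"); err == nil && c.Value != "" {
			id = c.Value
		} else {
			id = randomHex(16)
			http.SetCookie(w, &http.Cookie{Name: "sid", Value: id, HttpOnly: true, Path: "/"})
		}
		path := r.URL.Path
		ignored := !m.opts.Blacklist[path] && m.opts.IgnoreMethods[r.Method]
		m.mu.Lock()
		salt, hasSalt := m.salts[id]
		sent := r.Header.Get("X-CSRF-TOKEN") // compared in constant time below
		valid := hasSalt && hmac.Equal([]byte(sent), []byte(Token(m.opts.Secret, salt)))
		if ignored || valid || !hasSalt {
			salt = randomHex(16) // the README's three refresh conditions
			m.salts[id] = salt
		}
		m.mu.Unlock()
		if !m.opts.Whitelist[path] && !ignored && !valid {
			m.opts.ErrorFunc(w, r)
			return
		}
		w.Header().Set("X-CSRF-TOKEN", Token(m.opts.Secret, salt))
		next.ServeHTTP(w, r)
	})
}

// NewServer wires the middleware in front of the README's /protected route plus a
// blacklisted /admin and a whitelisted /public path (both this example's own).
func NewServer() http.Handler {
	m := &Middleware{salts: map[string]string{}, opts: Options{
		Secret:        "csrf_secret",
		IgnoreMethods: map[string]bool{"GET": true, "HEAD": true},
		Whitelist:     map[string]bool{"/public": true},
		Blacklist:     map[string]bool{"/admin": true},
		ErrorFunc: func(w http.ResponseWriter, r *http.Request) {
			http.Error(w, "CSRF token mismatch", http.StatusBadRequest)
		},
	}}
	mux := http.NewServeMux()
	mux.HandleFunc("/protected", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("CSRF token is valid"))
	})
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("ok")) })
	return m.Handler(mux)
}

func main() {
	http.ListenAndServe(":8080", NewServer())
}
```

The sequence worth watching: a GET to /protected creates the session and returns a token; a POST without it is stopped by ErrorFunc; a POST carrying it passes and, because a valid token is one of the three refresh conditions, the same token is rejected when replayed; GET /admin is verified even though GET is an ignored method, and POST /public passes with no token at all. A token is also bound to its own session, since it is derived from that session's salt.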