Mirrors/kararas_iris
1
0
Fork 0
mirror of https://github.com/kataras/iris.git synced 2025-12-20 03:17:04 +00:00
Code Releases Activity

add experimental handlers examples

Browse Source 
Former-commit-id: 8d8a0d15afce2554dc5926f6b9bd9c42cb95dad0
This commit is contained in:
Gerasimos (Makis) Maropoulos
2019-08-16 16:57:03 +03:00
parent db433f7dca
commit a7635afe62
21 changed files with 644 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
_examples/experimental-handlers/csrf/main.go Normal file
View File

@@ -0,0 +1,55 @@
// This middleware provides Cross-Site Request Forgery
// protection.
//
// It securely generates a masked (unique-per-request) token that
// can be embedded in the HTTP response (e.g. form field or HTTP header).
// The original (unmasked) token is stored in the session, which is inaccessible
// by an attacker (provided you are using HTTPS). Subsequent requests are
// expected to include this token, which is compared against the session token.
// Requests that do not provide a matching token are served with a HTTP 403
// 'Forbidden' error response.
package main
// $ go get -u github.com/iris-contrib/middleware/...
import (
"github.com/kataras/iris"
"github.com/iris-contrib/middleware/csrf"
)
func main() {
app := iris.New()
app.RegisterView(iris.HTML("./views", ".html"))
// Note that the authentication key provided should be 32 bytes
// long and persist across application restarts.
protect := csrf.Protect([]byte("9AB0F421E53A477C084477AEA06096F5"),
csrf.Secure(false)) // Defaults to true, but pass `false` while no https (devmode).
users := app.Party("/user", protect)
{
users.Get("/signup", getSignupForm)
// // POST requests without a valid token will return a HTTP 403 Forbidden.
users.Post("/signup", postSignupForm)
}
// GET: http://localhost:8080/user/signup
// POST: http://localhost:8080/user/signup
app.Run(iris.Addr(":8080"))
}
func getSignupForm(ctx iris.Context) {
// views/user/signup.html just needs a {{ .csrfField }} template tag for
// csrf.TemplateField to inject the CSRF token into. Easy!
ctx.ViewData(csrf.TemplateTag, csrf.TemplateField(ctx))
ctx.View("user/signup.html")
// We could also retrieve the token directly from csrf.Token(ctx) and
// set it in the request header - ctx.GetHeader("X-CSRF-Token", token)
// This is useful if you're sending JSON to clients or a front-end JavaScript
// framework.
}
func postSignupForm(ctx iris.Context) {
ctx.Writef("You're welcome mate!")
}