lunny/tango
lunny/tango
5
13
Fork 3
Code Issues 6 Pull Requests Actions Releases 14 Wiki Activity
Page: ZH_Xsrf
Pages
Actions Basicauth Binding Captcha Compress Context Debug Dispatch ErrHandler Events Flash Forms Group Handler Home Injection Logger Params QuickStart Recovery Renders Return Router Session Static Tango Tpongo2 Xsrf ZH_Actions ZH_Basicauth ZH_Binding ZH_Captcha ZH_Compress ZH_Context ZH_Debug ZH_Dispatch ZH_ErrHandler ZH_Events ZH_Flash ZH_Forms ZH_Group ZH_HOME ZH_Handler ZH_Injection ZH_Logger ZH_Params ZH_Recovery ZH_Renders ZH_Return ZH_Router ZH_Session ZH_Static ZH_Tango ZH_Tpongo2 ZH_Xsrf
8 ZH_Xsrf
Lunny Xiao edited this page 2019-11-27 09:08:08 +08:00
Unescape Escape
Table of Contents
This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

XSRF 是一个 Tango 的 XSRF 中间件.

可以起到防止跨站请求伪造和表单重复提交的作用。

安装

go get gitea.com/tango/xsrf

示例

type Action struct {
    render.Render
    xsrf.Checker
}

func (a *Action) Get() error {
    return a.Render("test.html", render.T{
        "XsrfFormHtml": a.XsrfFormHtml(),
    })
}

func (a *Action) Post() {
    //中间件会自动检查XSRF如果校验失败会输出默认的错误信息
}

func main() {
    t := tango.Classic()
    t.Use(xsrf.New(expireTime))  //expireTime为XSRF值的刷新时间
    t.Run()
}

如果希望某个Action不进行校验XSRF可以在Action结构体中使用xsrf.NoCheck

type Action struct {
    xsrf.NoCheck
}

如果希望某个Action不自动校验XSRF改为自己校验XSRF后输出自定义的XSRF错误信息则需要实现中间件的AutoCheck()方法:

type Action struct {
    xsrf.Checker
}

func (a *Action) AutoCheck() bool {
    return false
}

func (a *Action) Post() {
    if a.IsValid() == false {
        //这里写XSRF校验失败的代码
    }
}

还可以在XSRF校验之后执行 Renew() 方法来生成新的XSRF值起到防止表单刷新的作用

type Action struct {
    xsrf.Checker
}

func (a *Action) AutoCheck() bool {
    return false
}

func (a *Action) Post() {
    if a.IsValid() == false {
        //这里写XSRF校验失败的代码
    }
    a.Renew()  //重新生成新的XSRF值刷新表单时XSRF会校验失败
}