feat(auth): add CSRF protection middleware

Implement Signed Double Submit Cookie pattern to prevent CSRF attacks.
Adds CSRF token generation, validation, and middleware for API endpoints.
Safe methods (GET/HEAD/OPTIONS) automatically receive CSRF cookies, while
unsafe methods require X-CSRF-Token header matching the cookie value with
valid HMAC signature. Includes same-origin exemption for login/callback
endpoints to support browser-based authentication flows.
yusing
2026-03-19 14:55:47 +08:00
parent a541d75bb5
commit 213e4a5cdb
6 changed files with 480 additions and 5 deletions
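The Signed Double Submit Cookie flow the commit message describes, as an added example in Go; this is not the project's code and not taken from the commit. The token is a random nonce joined to an HMAC-SHA256 over it, safe methods (GET/HEAD/OPTIONS) receive the cookie, unsafe methods must echo it in `X-CSRF-Token` with a valid signature, and listed paths are exempt only when the request is same-origin. The type name `CSRF`, the cookie name `csrf_token`, the exempt path `/login`, the host `app.example` and the demo key are assumptions for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Assumed names: the header is the one named in the commit message, the cookie name is a placeholder.
const (
	csrfCookieName = "csrf_token"
	csrfHeaderName = "X-CSRF-Token"
)

// CSRF holds the server-side HMAC key and the paths exempted for same-origin requests.
type CSRF struct {
	key    []byte
	exempt map[string]bool
}

func NewCSRF(key []byte, exemptPaths ...string) *CSRF {
	c := &CSRF{key: key, exempt: map[string]bool{}}
	for _, p := range exemptPaths {
		c.exempt[p] = true
	}
	return c
}

// sign returns "<nonce>.<hex(HMAC-SHA256(key, nonce))>"; without the key nobody can mint one.
func (c *CSRF) sign(nonce string) string {
	mac := hmac.New(sha256.New, c.key)
	mac.Write([]byte(nonce))
	return nonce + "." + hex.EncodeToString(mac.Sum(nil))
}

// newToken signs a fresh 256-bit random nonce.
func (c *CSRF) newToken() (string, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return c.sign(hex.EncodeToString(nonce)), nil
}

// validToken recomputes the signature over the nonce half and compares in constant time,
// so a planted, unsigned cookie value is rejected even if it is echoed in the header.
func (c *CSRF) validToken(tok string) bool {
	nonce, _, ok := strings.Cut(tok, ".")
	if !ok || nonce == "" {
		return false
	}
	return hmac.Equal([]byte(c.sign(nonce)), []byte(tok))
}

// sameOrigin accepts the request only when Origin (or, failing that, Referer) names the
// request's own host; a request carrying neither header is not exempted.
func sameOrigin(r *http.Request) bool {
	src := r.Header.Get("Origin")
	if src == "" {
		src = r.Header.Get("Referer")
	}
	u, err := url.Parse(src)
	if src == "" || err != nil {
		return false
	}
	return strings.EqualFold(u.Host, r.Host)
}

// Middleware issues the cookie on safe methods and, on unsafe ones, requires header == cookie
// plus a valid signature, except for same-origin requests to exempt paths.
func (c *CSRF) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions:
			if ck, err := r.Cookie(csrfCookieName); err != nil || !c.validToken(ck.Value) {
				tok, err := c.newToken()
				if err != nil {
					http.Error(w, "cannot issue CSRF token", http.StatusInternalServerError)
					return
				}
				// HttpOnly stays false: the browser client must read this cookie to copy it into the header.
				http.SetCookie(w, &http.Cookie{Name: csrfCookieName, Value: tok, Path: "/",
					Secure: true, SameSite: http.SameSiteStrictMode})
			}
			next.ServeHTTP(w, r)
			return
		}
		if c.exempt[r.URL.Path] && sameOrigin(r) {
			next.ServeHTTP(w, r)
			return
		}
		ck, err := r.Cookie(csrfCookieName)
		hdr := r.Header.Get(csrfHeaderName)
		if err != nil || hdr == "" || !c.validToken(ck.Value) || !hmac.Equal([]byte(ck.Value), []byte(hdr)) {
			http.Error(w, "CSRF token missing or invalid", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// exercise sends one constructed request through h and returns the status code and any CSRF cookie issued.
func exercise(h http.Handler, method, path, cookie, header, origin string) (int, string) {
	req := httptest.NewRequest(method, "https://app.example"+path, nil)
	if cookie != "" {
		req.AddCookie(&http.Cookie{Name: csrfCookieName, Value: cookie})
	}
	if header != "" {
		req.Header.Set(csrfHeaderName, header)
	}
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	for _, ck := range rec.Result().Cookies() {
		if ck.Name == csrfCookieName {
			return rec.Code, ck.Value
		}
	}
	return rec.Code, ""
}

func main() {
	c := NewCSRF([]byte("constructed-demo-key"), "/login") // constructed key, not a real secret
	h := c.Middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusNoContent) }))
	tok, _ := c.newToken()
	code, issued := exercise(h, "GET", "/cert/renew", "", "", "")
	fmt.Println("GET:", code, "cookie issued:", issued != "")
	code, _ = exercise(h, "POST", "/x", tok, tok, "")
	fmt.Println("POST with matching signed token:", code)
	code, _ = exercise(h, "POST", "/x", "abc.def", "abc.def", "")
	fmt.Println("POST with unsigned token:", code)
}
```

The signature check is what separates this from the plain double-submit pattern: an attacker who can set cookies for the site (a sibling subdomain, for instance) can make cookie and header agree, but cannot produce a value that verifies under the server's key. The exemption deliberately requires a same-origin `Origin`/`Referer`; a request with neither header falls through to the normal token check.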


@@ -19,6 +19,7 @@ import (
// @Tags cert,websocket
// @Produce plain
// @Success 200 {object} apitypes.SuccessResponse
// @Failure 400 {object} apitypes.ErrorResponse
// @Failure 403 {object} apitypes.ErrorResponse
// @Failure 500 {object} apitypes.ErrorResponse
// @Router /cert/renew [get]
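Review bot: the hunk header `@@ -19,6 +19,7 @@ import (` records one line added inside the import block, but the rendered context shows only the swagger annotations for `/cert/renew [get]`, so the added import is not visible and cannot be reviewed from this page. What is visible is the `@Failure 403` annotation on a `[get]` route; since the commit message says safe methods only receive the CSRF cookie and are not token-checked, confirm this line documents the route's existing authorization failure and not a CSRF rejection, so the API docs do not suggest a GET can fail the CSRF check.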