Logic behind CSRF token creation and validation.
Inspired by pillarjs/csrf. Read Understanding-CSRF for more information on CSRF.
$ go get -u github.com/omar-h/csrf
This is an example of how to initialize and use the package:
package main
import (
"fmt"
"github.com/omar-h/csrf"
)
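// main walks through the token round trip: configure the package with a
// secret, generate a salt, derive a token from that salt, then verify it.
func main() {
	// Demo value only. In a real service, load the secret from configuration
	// or a secret store instead of committing it to source control.
	const secret = "erHUnxuhBMRIsVB1LfqmiWCgB83ZEerH"

	CSRF := csrf.New(csrf.Config{
		// Secret should persist over program restart.
		Secret:  secret,
		SaltLen: 16,
	})

	salt := CSRF.GenerateSalt()
	token := CSRF.GenerateToken(salt)

	// Print the secret, a random salt and the token generated from them.
	// Printing the secret is for illustration; a real service should never
	// write it to stdout or logs.
	fmt.Println("Secret: ", secret)
	fmt.Println("Salt: ", salt)
	fmt.Println("Token: ", token)

	// Verify returns true for the token generated above. Branch on the result
	// rather than discarding it: a request handler must reject the request
	// when verification fails.
	if !CSRF.Verify(token) {
		fmt.Println("Token rejected")
		return
	}
	fmt.Println("Token verified")
}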
CSRF is licensed under the MIT License.