Minor fix in jwt and csrf middleware
Signed-off-by: Vishal Rana <vr@labstack.com>
parent
7e52ad4dd5
commit
dc244c173d
@ -20,14 +20,14 @@ type (
|
||||
// Key to create CSRF token.
|
||||
Secret []byte `json:"secret"`
|
||||
|
||||
// Lookup is a string in the form of "<source>:<key>" that is used to extract
|
||||
// token from the request.
|
||||
// TokenLookup is a string in the form of "<source>:<key>" that is used
|
||||
// to extract token from the request.
|
||||
// Optional. Default value "header:X-CSRF-Token".
|
||||
// Possible values:
|
||||
// - "header:<name>"
|
||||
// - "form:<name>"
|
||||
// - "header:<name>"
|
||||
Lookup string `json:"lookup"`
|
||||
TokenLookup string `json:"token_lookup"`
|
||||
|
||||
// Context key to store generated CSRF token into context.
|
||||
// Optional. Default value "csrf".
|
||||
@ -66,7 +66,7 @@ type (
|
||||
var (
|
||||
// DefaultCSRFConfig is the default CSRF middleware config.
|
||||
DefaultCSRFConfig = CSRFConfig{
|
||||
Lookup: "header:" + echo.HeaderXCSRFToken,
|
||||
TokenLookup: "header:" + echo.HeaderXCSRFToken,
|
||||
ContextKey: "csrf",
|
||||
CookieName: "csrf",
|
||||
CookieExpires: time.Now().Add(24 * time.Hour),
|
||||
@ -88,8 +88,8 @@ func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc {
|
||||
if config.Secret == nil {
|
||||
panic("csrf secret must be provided")
|
||||
}
|
||||
if config.Lookup == "" {
|
||||
config.Lookup = DefaultCSRFConfig.Lookup
|
||||
if config.TokenLookup == "" {
|
||||
config.TokenLookup = DefaultCSRFConfig.TokenLookup
|
||||
}
|
||||
if config.ContextKey == "" {
|
||||
config.ContextKey = DefaultCSRFConfig.ContextKey
|
||||
@ -102,7 +102,7 @@ func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc {
|
||||
}
|
||||
|
||||
// Initialize
|
||||
parts := strings.Split(config.Lookup, ":")
|
||||
parts := strings.Split(config.TokenLookup, ":")
|
||||
extractor := csrfTokenFromHeader(parts[1])
|
||||
switch parts[0] {
|
||||
case "form":
|
||||
|
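Review bot: The index `parts[1]` right after `strings.Split(config.TokenLookup, ":")` is unguarded, so a TokenLookup value without a colon makes CSRFWithConfig panic with an index-out-of-range error instead of a message naming the bad setting, as the secret check earlier in the function does. A length check before the extractor is built would fix it, e.g. `if len(parts) != 2 { panic("csrf: token lookup must be in the form <source>:<key>") }`. The same pattern appears in JWTWithConfig in the jwt hunk at `jwtFromHeader(parts[1])`. Separately, the field comment lists `"header:<name>"` twice under "Possible values"; the last entry looks like it was meant to name a different source. The body of CSRFWithConfig continues outside the hunk.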
@ -25,13 +25,13 @@ type (
|
||||
// Optional. Default value "user".
|
||||
ContextKey string `json:"context_key"`
|
||||
|
||||
// Lookup is a string in the form of "<source>:<key>" that is used to extract
|
||||
// token from the request.
|
||||
// TokenLookup is a string in the form of "<source>:<name>" that is used
|
||||
// to extract token from the request.
|
||||
// Optional. Default value "header:Authorization".
|
||||
// Possible values:
|
||||
// - "header:<name>"
|
||||
// - "form:<name>"
|
||||
Lookup string `json:"lookup"`
|
||||
// - "query:<name>"
|
||||
TokenLookup string `json:"token_lookup"`
|
||||
}
|
||||
|
||||
jwtExtractor func(echo.Context) (string, error)
|
||||
@ -51,7 +51,7 @@ var (
|
||||
DefaultJWTConfig = JWTConfig{
|
||||
SigningMethod: AlgorithmHS256,
|
||||
ContextKey: "user",
|
||||
Lookup: "header:" + echo.HeaderAuthorization,
|
||||
TokenLookup: "header:" + echo.HeaderAuthorization,
|
||||
}
|
||||
)
|
||||
|
||||
@ -81,15 +81,15 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {
|
||||
if config.ContextKey == "" {
|
||||
config.ContextKey = DefaultJWTConfig.ContextKey
|
||||
}
|
||||
if config.Lookup == "" {
|
||||
config.Lookup = DefaultJWTConfig.Lookup
|
||||
if config.TokenLookup == "" {
|
||||
config.TokenLookup = DefaultJWTConfig.TokenLookup
|
||||
}
|
||||
|
||||
// Initialize
|
||||
parts := strings.Split(config.Lookup, ":")
|
||||
parts := strings.Split(config.TokenLookup, ":")
|
||||
extractor := jwtFromHeader(parts[1])
|
||||
switch parts[0] {
|
||||
case "form":
|
||||
case "query":
|
||||
extractor = jwtFromQuery(parts[1])
|
||||
}
|
||||
|
||||
|
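Review bot: The switch on `parts[0]` in JWTWithConfig has no `default`, and `extractor` is pre-set to `jwtFromHeader(parts[1])`, so any source other than `query` falls back to the header extractor. With `case "form":` replaced by `case "query":`, an existing `form:<name>` setting would presumably now be looked up as a header called `<name>` instead of failing at start-up. Rejecting unknown sources makes the misconfiguration visible: add `case "header":` as an explicit no-op and `default: panic("jwt: unsupported token lookup source " + parts[0])`. The comment on TokenLookup could also note that a token passed as `query:<name>` travels in the URL and so tends to end up in access logs and Referer headers. The rest of JWTWithConfig is outside the hunk.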