1
0
mirror of https://github.com/labstack/echo.git synced 2024-12-24 20:14:31 +02:00

Minor fix in jwt and csrf middleware

Signed-off-by: Vishal Rana <vr@labstack.com>
This commit is contained in:
Vishal Rana 2016-05-26 19:23:46 -07:00
parent 7e52ad4dd5
commit dc244c173d
2 changed files with 16 additions and 16 deletions

View File

@ -20,14 +20,14 @@ type (
// Key to create CSRF token.
Secret []byte `json:"secret"`
// Lookup is a string in the form of "<source>:<key>" that is used to extract
// token from the request.
// TokenLookup is a string in the form of "<source>:<key>" that is used
// to extract token from the request.
// Optional. Default value "header:X-CSRF-Token".
// Possible values:
// - "header:<name>"
// - "form:<name>"
// - "header:<name>"
Lookup string `json:"lookup"`
TokenLookup string `json:"token_lookup"`
// Context key to store generated CSRF token into context.
// Optional. Default value "csrf".
@ -66,7 +66,7 @@ type (
var (
// DefaultCSRFConfig is the default CSRF middleware config.
DefaultCSRFConfig = CSRFConfig{
Lookup: "header:" + echo.HeaderXCSRFToken,
TokenLookup: "header:" + echo.HeaderXCSRFToken,
ContextKey: "csrf",
CookieName: "csrf",
CookieExpires: time.Now().Add(24 * time.Hour),
@ -88,8 +88,8 @@ func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc {
if config.Secret == nil {
panic("csrf secret must be provided")
}
if config.Lookup == "" {
config.Lookup = DefaultCSRFConfig.Lookup
if config.TokenLookup == "" {
config.TokenLookup = DefaultCSRFConfig.TokenLookup
}
if config.ContextKey == "" {
config.ContextKey = DefaultCSRFConfig.ContextKey
@ -102,7 +102,7 @@ func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc {
}
// Initialize
parts := strings.Split(config.Lookup, ":")
parts := strings.Split(config.TokenLookup, ":")
extractor := csrfTokenFromHeader(parts[1])
switch parts[0] {
case "form":

View File

@ -25,13 +25,13 @@ type (
// Optional. Default value "user".
ContextKey string `json:"context_key"`
// Lookup is a string in the form of "<source>:<key>" that is used to extract
// token from the request.
// TokenLookup is a string in the form of "<source>:<name>" that is used
// to extract token from the request.
// Optional. Default value "header:Authorization".
// Possible values:
// - "header:<name>"
// - "form:<name>"
Lookup string `json:"lookup"`
// - "query:<name>"
TokenLookup string `json:"token_lookup"`
}
jwtExtractor func(echo.Context) (string, error)
@ -51,7 +51,7 @@ var (
DefaultJWTConfig = JWTConfig{
SigningMethod: AlgorithmHS256,
ContextKey: "user",
Lookup: "header:" + echo.HeaderAuthorization,
TokenLookup: "header:" + echo.HeaderAuthorization,
}
)
@ -81,15 +81,15 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {
if config.ContextKey == "" {
config.ContextKey = DefaultJWTConfig.ContextKey
}
if config.Lookup == "" {
config.Lookup = DefaultJWTConfig.Lookup
if config.TokenLookup == "" {
config.TokenLookup = DefaultJWTConfig.TokenLookup
}
// Initialize
parts := strings.Split(config.Lookup, ":")
parts := strings.Split(config.TokenLookup, ":")
extractor := jwtFromHeader(parts[1])
switch parts[0] {
case "form":
case "query":
extractor = jwtFromQuery(parts[1])
}