CSRF (XSRF) token generation and validation for Go web apps.
CSRF token generation and validation for cross-server communication.
Usage:
go get github.com/postfix/csrf
import (
"github.com/postfix/csrf"
"time"
)
// Initialisation.
// csrf.Key is the secret HMAC key. A fixed value can be assigned instead:
//   csrf.Key = []byte("changeme")
// A literal like that is a placeholder only; a real key should be random and
// kept out of source control.
// Alternatively, generate the key at startup:
csrf.Key = csrf.Rand16()
// NOTE(review): a key generated at startup differs per process, so tokens
// presumably stop validating after a restart or on another instance. For
// cross-server use the same key would have to be shared; confirm.
csrf.Timeout = 24 * time.Hour // tokens expire after one day

// Generate a token for one action/session pair.
actionID := "POST /form"
sessionID := string(usersession)
token := csrf.NewToken(actionID, sessionID)

// Validate using the same action and session values the token was issued for.
if ok := csrf.Valid(token, actionID, sessionID); !ok {
	// NOTE(review): this example only prints; a real handler should reject
	// the request when validation fails.
	fmt.Println("Error: csrf token not valid")
}