
@mozhu1024
Created March 20, 2020 02:01
[CSRF Middleware in Gin] #gin #csrf #middleware
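// csrfMiddleware is a Gin middleware that validates the X-Csrf-Token request
// header on state-changing requests and attaches a freshly generated token to
// every response that passes validation.
//
// For POST, PUT, PATCH and DELETE the submitted header value is looked up via
// CSRFToken; the request is aborted with 400 unless the lookup succeeds and
// returns "csrf". Other methods skip validation and only receive a new token.
//
// NOTE(review): tokens are stored against the constant value "csrf", so
// nothing visible here ties a token to the session or user it was issued to.
// Unless CSRFToken scopes its store per session, a token issued to one client
// would validate for another. Confirm against the CSRFToken implementation,
// and check there that tokens expire and are invalidated once used.
//
// NOTE(review): the token is MD5(RandomString()). Its unpredictability rests
// entirely on RandomString; confirm it draws from crypto/rand, not math/rand.
func csrfMiddleware(c *gin.Context) {
	switch strings.ToUpper(c.Request.Method) {
	case http.MethodPost, http.MethodPut, http.MethodPatch, http.MethodDelete:
		// PATCH mutates state just like PUT, so it is validated as well;
		// leaving it out would let PATCH handlers run without a token.
		stored, err := CSRFToken(c.GetHeader("X-Csrf-Token"))
		if err != nil || stored != "csrf" {
			logger.Errorln(err, stored)
			c.AbortWithStatusJSON(http.StatusBadRequest, Resp{
				Code: -1,
				Msg:  "CSRF Validate Error",
			})
			return
		}
	}

	// Issue a new token for the client's next state-changing request.
	csrf := MD5(RandomString())
	if _, err := CSRFToken(csrf, "csrf"); err != nil {
		// A token that was not persisted can never validate, so the client's
		// next unsafe request will be rejected. Log it instead of hiding it.
		logger.Errorln(err)
	}
	c.Header("X-Csrf-Token", csrf)
	c.Next()
}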
// CSRFToken - save token in session / redis / others