New creates a new middleware handler
(config ...Config)
| 54 | |
| 55 | // New creates a new middleware handler |
| 56 | func New(config ...Config) fiber.Handler { |
| 57 | registerLogContextTagsOnce.Do(registerLogContextTags) |
| 58 | |
| 59 | // Set default config |
| 60 | cfg := configDefault(config...) |
| 61 | |
| 62 | redactKeys := !cfg.DisableValueRedaction |
| 63 | |
| 64 | maskValue := func(value string) string { |
| 65 | if redactKeys { |
| 66 | return redactedKey |
| 67 | } |
| 68 | return value |
| 69 | } |
| 70 | |
| 71 | // Create manager to simplify storage operations ( see *_manager.go ) |
| 72 | var sessionManager *sessionManager |
| 73 | var storageManager *storageManager |
| 74 | if cfg.Session != nil { |
| 75 | sessionManager = newSessionManager(cfg.Session) |
| 76 | } else { |
| 77 | storageManager = newStorageManager(cfg.Storage, redactKeys) |
| 78 | } |
| 79 | |
| 80 | // Pre-parse trusted origins |
| 81 | trustedOrigins := []string{} |
| 82 | trustedSubOrigins := []subdomain{} |
| 83 | |
| 84 | for _, origin := range cfg.TrustedOrigins { |
| 85 | trimmedOrigin := utils.TrimSpace(origin) |
| 86 | if i := strings.Index(trimmedOrigin, "://*."); i != -1 { |
| 87 | withoutWildcard := trimmedOrigin[:i+len("://")] + trimmedOrigin[i+len("://*."):] |
| 88 | isValid, normalizedOrigin := normalizeOrigin(withoutWildcard) |
| 89 | if !isValid { |
| 90 | panic("[CSRF] Invalid origin format in configuration:" + maskValue(origin)) |
| 91 | } |
| 92 | schemeSep := strings.Index(normalizedOrigin, "://") + len("://") |
| 93 | sd := subdomain{prefix: normalizedOrigin[:schemeSep], suffix: normalizedOrigin[schemeSep:]} |
| 94 | trustedSubOrigins = append(trustedSubOrigins, sd) |
| 95 | } else { |
| 96 | isValid, normalizedOrigin := normalizeOrigin(trimmedOrigin) |
| 97 | if !isValid { |
| 98 | panic("[CSRF] Invalid origin format in configuration:" + maskValue(origin)) |
| 99 | } |
| 100 | trustedOrigins = append(trustedOrigins, normalizedOrigin) |
| 101 | } |
| 102 | } |
| 103 | |
| 104 | // Create the handler outside of the returned function |
| 105 | handler := &Handler{ |
| 106 | config: cfg, |
| 107 | sessionManager: sessionManager, |
| 108 | storageManager: storageManager, |
| 109 | } |
| 110 | |
| 111 | // Return new handler |
| 112 | return func(c fiber.Ctx) error { |
| 113 | // Don't execute middleware if Next returns true |