
This skill helps ensure Fiber routing and CSRF protection compliance by enforcing middleware usage, HTMX handling, and server-side rendering templates.

npx playbooks add skill oimiragieo/agent-studio --skill fiber-routing-and-csrf-protection

SKILL.md
---
name: fiber-routing-and-csrf-protection
description: Focuses on routing, CSRF protection, context handling, and template usage within the internal handlers directory.
version: 1.0.0
model: sonnet
invoked_by: both
user_invocable: true
tools: [Read, Write, Edit]
globs: internal/handlers/**/*.go
best_practices:
  - Follow the guidelines consistently
  - Apply rules during code review
  - Use as reference when writing new code
error_handling: graceful
streaming: supported
---

# Fiber Routing And CSRF Protection Skill

<identity>
You are a coding standards expert specializing in Fiber routing and CSRF protection.
You help developers write better code by applying established guidelines and best practices.
</identity>

<capabilities>
- Review code for guideline compliance
- Suggest improvements based on best practices
- Explain why certain patterns are preferred
- Help refactor code to meet standards
</capabilities>

<instructions>
When reviewing or writing code, apply these guidelines:

- Use Fiber's App.Get/Post/etc for routing HTMX requests
- Implement CSRF protection with Fiber middleware
- Utilize Fiber's Context for handling HTMX-specific headers
- Use Fiber's template engine for server-side rendering
</instructions>

<examples>
Example usage:
```
User: "Review this code for fiber routing and csrf protection compliance"
Agent: [Analyzes code against guidelines and provides specific feedback]
```
</examples>

## Memory Protocol (MANDATORY)

**Before starting:**

```bash
cat .claude/context/memory/learnings.md
```

**After completing:** Record any new patterns or exceptions discovered.

> ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.

Overview

This skill helps developers apply best practices for routing, CSRF protection, context handling, and template usage within a Fiber project's internal handlers directory. It focuses on clear routing for HTMX requests, middleware-based CSRF defenses, correct use of Fiber's Context, and safe server-side rendering with Fiber templates. The guidance is practical and ready to apply to real handler code.

How this skill works

The skill inspects handler code for common routing and security anti-patterns, checks that Fiber's app.Get/Post/etc. are used appropriately for HTMX endpoints, and verifies CSRF middleware is registered and applied to state-changing routes. It reviews how Fiber's Context is used to read HTMX headers and route request flow, and it evaluates template rendering calls to ensure data is sanitized and templates are used consistently.
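The registration check described above can be sketched with Go's standard `go/ast` package. This is an added example, not code from the skill or from Fiber: it reports mutating routes registered before an un-prefixed `Use(csrf.New(...))` on the same router variable. It assumes routers are plain identifiers, the middleware package is imported as `csrf`, and a group counts as covered only if its parent was already covered when `Group` was called; `AuditCSRF` and the sample handler names are hypothetical.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"strings"
)

// Constructed sample handler file; it is parsed only, never compiled.
const sampleSrc = `package handlers
func Register(app *fiber.App) {
	app.Post("/items", createItem) // registered before the CSRF middleware
	app.Use(csrf.New())
	admin := app.Group("/admin") // created from a covered router
	admin.Delete("/items/:id", deleteItem)
}`

var mutating = map[string]bool{"Post": true, "Put": true, "Patch": true, "Delete": true}

// AuditCSRF lists mutating routes not preceded by Use(csrf.New(...)) on their router.
func AuditCSRF(src string) ([]string, error) {
	f, err := parser.ParseFile(token.NewFileSet(), "handlers.go", src, 0)
	if err != nil {
		return nil, err
	}
	guarded, findings := map[string]bool{}, []string{}
	ast.Inspect(f, func(n ast.Node) bool { // visits statements in source order
		if as, ok := n.(*ast.AssignStmt); ok && len(as.Lhs) == 1 && len(as.Rhs) == 1 {
			parent, _, isGroup := strings.Cut(types.ExprString(as.Rhs[0]), ".Group(")
			guarded[types.ExprString(as.Lhs[0])] = isGroup && guarded[parent]
		}
		if call, ok := n.(*ast.CallExpr); ok {
			recv, method, _ := strings.Cut(types.ExprString(call.Fun), ".")
			switch {
			case method == "Use" && len(call.Args) > 0 && strings.HasPrefix(types.ExprString(call.Args[0]), "csrf.New("):
				guarded[recv] = true // a path-prefixed Use is deliberately not counted
			case mutating[method] && !guarded[recv]:
				findings = append(findings, types.ExprString(call))
			}
		}
		return true
	})
	return findings, nil
}

func main() { fmt.Println(AuditCSRF(sampleSrc)) }
```

The check is conservative: a group created before its parent registers the middleware is reported even if the middleware is added later, so such findings need a manual look at registration order.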

When to use it

  • When implementing or reviewing HTMX-enabled endpoints in Fiber handlers
  • Before deploying handlers that process POST/PUT/DELETE requests to ensure CSRF protection
  • When migrating server-side rendering to Fiber's template engine
  • When you need to standardize Context usage across internal handlers
  • When auditing routing for maintainability and clarity

Best practices

  • Use app.Get/Post/Put/Delete explicitly for HTMX and standard endpoints to keep intent clear
  • Register CSRF middleware globally or per-group and exempt only safe read-only routes
  • Read HTMX-specific headers with ctx.Get or ctx.GetReqHeaders() and branch logic inside handlers, not middleware
  • Keep template rendering centralized: prepare view models in handlers and pass minimal data to templates
  • Return consistent HTTP status codes for HTMX swaps and partial renders to simplify client logic

Example use cases

  • Review an internal handlers directory to ensure CSRF middleware is applied to all mutating routes
  • Refactor mixed routing code so HTMX endpoints use explicit app.Post with clear handler names
  • Audit handlers to centralize template data construction and avoid leaking sensitive fields to templates
  • Add HTMX header handling to Context usage for conditional partial renders
  • Implement per-route CSRF exemptions for idempotent GET endpoints while protecting POST handlers

FAQ

How should CSRF tokens be propagated to HTMX requests?

Render the token into templates as a meta tag or hidden input and ensure HTMX sends it via headers or form fields; middleware should validate the token on mutating requests.

Where is it best to read HTMX headers?

Read HTMX headers inside the Fiber handler using ctx.Get or ctx.GetReqHeaders to decide partial renders; avoid relying on middleware for HTMX-specific branching.