From 4ec439a6f3f3c91b3dd6b5c8aca965a75c13da45 Mon Sep 17 00:00:00 2001
From: Alex Kotov
Date: Fri, 16 Oct 2020 10:38:58 +0500
Subject: [PATCH] Remove barebone CSRF protection fairing
---
 src/csrf.rs | 101 ----------------------------------------------------------------------------------------------------
 src/main.rs | 1 -
 src/web.rs | 2 --
 3 files changed, 104 deletions(-)
 delete mode 100644 src/csrf.rs
diff --git a/src/csrf.rs b/src/csrf.rs
deleted file mode 100644
index bcd803f..0000000
--- a/src/csrf.rs
+++ /dev/null
@@ -1,101 +0,0 @@
-use rocket::{Data, Request, Response, Rocket};
-use rocket::fairing::{Fairing as RocketFairing, Info, Kind};
-use rocket::http::{Cookie};
-
-const COOKIE_NAME: &str = "csrf_token";
-const EXPIRE_TIME: u32 = 2_629_746; // 1 month
-const REFRESH_TIME: u32 = 604_800; // 1 week
-
-pub struct Fairing {
- secret_key: String,
-}
-
-struct Token {
- timestamp: u32,
- value: String,
-}
-
-impl Fairing {
- pub fn new(secret_key: String) -> Self {
- Self { secret_key }
- }
-}
-
-impl Token {
- // TODO: implement this
- fn generate() -> Self {
- Self {
- timestamp: 0,
- value: "".to_string(),
- }
- }
-
- fn from_cookie(cookie: &Cookie) -> Self {
- Self::from_string(cookie.value().to_string())
- }
-
- // TODO: implement this
- fn from_string(token: String) -> Self {
- Self {
- timestamp: 0,
- value: "".to_string(),
- }
- }
-
- // TODO: implement this
- fn to_string(&self) -> String {
- "".to_string()
- }
-
- // TODO: implement this
- fn is_expired(&self) -> bool {
- true
- }
-
- // TODO: implement this
- fn is_refreshable(&self) -> bool {
- true
- }
-
- fn not_expired_or_none(self) -> Option {
- if self.is_expired() {
- None
- }
- else {
- Some(self)
- }
- }
-
- fn not_refreshable_or_none(self) -> Option {
- if self.is_refreshable() {
- None
- }
- else {
- Some(self)
- }
- }
-}
-
-impl RocketFairing for Fairing {
- fn info(&self) -> Info {
- Info {
- name: "CSRF (Cross-Site Request Forgery) protection",
- kind: Kind::Request,
- }
- }
-
- fn on_request(&self, request: &mut Request, _: &Data) {
- let token: Option = request.cookies()
- .get_private(COOKIE_NAME)
- .and_then(|cookie| Some(Token::from_cookie(&cookie)))
- .and_then(|token| token.not_refreshable_or_none());
-
- if token.is_some() { return }
-
- let new_token = Token::generate();
-
- let mut new_cookie = Cookie::new(COOKIE_NAME, new_token.to_string());
-
- request.cookies().add_private(new_cookie);
- }
-}
diff --git a/src/main.rs b/src/main.rs
index 709ae9e..d60d091 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -2,7 +2,6 @@
 #[cfg(test)]
 mod tests;
-mod csrf;
 mod config;
 mod web;
 mod database;
diff --git a/src/web.rs b/src/web.rs
index 4e7e228..877c2b9 100644
--- a/src/web.rs
+++ b/src/web.rs
@@ -1,4 +1,3 @@
-use crate::csrf;
 use crate::config;
 use crate::database;
 use crate::routes;
@@ -15,7 +14,6 @@ pub fn rocket(config: &config::Config) -> Result {
 let result = rocket::custom(rocket_config)
 .manage(database::create_db_pool(config))
- .attach(csrf::Fairing::new(secret_key))
 .attach(Template::fairing())
 .mount("/", routes::routes())
 .mount("/", StaticFiles::new(public_path, ServeOptions::None));
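Review bot: With the `.attach(csrf::Fairing::new(secret_key))` line gone, the builder chain in rocket() in src/web.rs attaches nothing that mitigates CSRF for state-changing routes, and neither the hunk nor the commit message names a replacement. The removed fairing never rejected a request — every Token method was a TODO stub and `on_request` only set a cookie — so no working protection is lost, but a comment above the chain such as `// TODO: CSRF protection — the stub fairing was removed in 4ec439a; state-changing routes have no CSRF check until a replacement is attached` would keep the gap visible to the next maintainer. `secret_key` appears to have been consumed only by the removed call and may now be an unused binding; its definition and the rest of rocket() lie outside the hunk.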