Revert "Remove barebone CSRF protection fairing"
This reverts commit 4ec439a6f3
.
This commit is contained in:
parent
4ec439a6f3
commit
b49ed15975
|
@ -0,0 +1,27 @@
|
||||||
|
use rocket::{Data, Request};
|
||||||
|
use rocket::fairing::{Fairing as RocketFairing, Info, Kind};
|
||||||
|
|
||||||
|
const COOKIE_NAME: &str = "csrf_token";
|
||||||
|
|
||||||
|
pub struct Fairing;
|
||||||
|
|
||||||
|
impl Fairing {
|
||||||
|
pub fn new() -> Self {
|
||||||
|
Self {}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl RocketFairing for Fairing {
|
||||||
|
fn info(&self) -> Info {
|
||||||
|
Info {
|
||||||
|
name: "CSRF (Cross-Site Request Forgery) protection",
|
||||||
|
kind: Kind::Request,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn on_request(&self, request: &mut Request, _: &Data) {
|
||||||
|
let _token: Option<String> = request.cookies()
|
||||||
|
.get_private(COOKIE_NAME)
|
||||||
|
.and_then(|cookie| Some(cookie.value().to_string()));
|
||||||
|
}
|
||||||
|
}
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
#[cfg(test)] mod tests;
|
#[cfg(test)] mod tests;
|
||||||
|
|
||||||
|
mod csrf;
|
||||||
mod config;
|
mod config;
|
||||||
mod web;
|
mod web;
|
||||||
mod database;
|
mod database;
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
use crate::csrf;
|
||||||
use crate::config;
|
use crate::config;
|
||||||
use crate::database;
|
use crate::database;
|
||||||
use crate::routes;
|
use crate::routes;
|
||||||
|
@ -10,10 +11,9 @@ pub fn rocket(config: &config::Config) -> Result<rocket::Rocket, ()> {
|
||||||
|
|
||||||
let public_path = config.public_path()?;
|
let public_path = config.public_path()?;
|
||||||
|
|
||||||
let secret_key = config.secret_key.as_ref().unwrap().to_string();
|
|
||||||
|
|
||||||
let result = rocket::custom(rocket_config)
|
let result = rocket::custom(rocket_config)
|
||||||
.manage(database::create_db_pool(config))
|
.manage(database::create_db_pool(config))
|
||||||
|
.attach(csrf::Fairing::new())
|
||||||
.attach(Template::fairing())
|
.attach(Template::fairing())
|
||||||
.mount("/", routes::routes())
|
.mount("/", routes::routes())
|
||||||
.mount("/", StaticFiles::new(public_path, ServeOptions::None));
|
.mount("/", StaticFiles::new(public_path, ServeOptions::None));
|
||||||
|
|
Reference in New Issue