Revert "Remove barebone CSRF protection fairing"
This reverts commit 4ec439a6f3
.
This commit is contained in:
parent
4ec439a6f3
commit
b49ed15975
|
@ -0,0 +1,27 @@
|
|||
use rocket::{Data, Request};
|
||||
use rocket::fairing::{Fairing as RocketFairing, Info, Kind};
|
||||
|
||||
const COOKIE_NAME: &str = "csrf_token";
|
||||
|
||||
pub struct Fairing;
|
||||
|
||||
impl Fairing {
|
||||
pub fn new() -> Self {
|
||||
Self {}
|
||||
}
|
||||
}
|
||||
|
||||
impl RocketFairing for Fairing {
|
||||
fn info(&self) -> Info {
|
||||
Info {
|
||||
name: "CSRF (Cross-Site Request Forgery) protection",
|
||||
kind: Kind::Request,
|
||||
}
|
||||
}
|
||||
|
||||
fn on_request(&self, request: &mut Request, _: &Data) {
|
||||
let _token: Option<String> = request.cookies()
|
||||
.get_private(COOKIE_NAME)
|
||||
.and_then(|cookie| Some(cookie.value().to_string()));
|
||||
}
|
||||
}
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
#[cfg(test)] mod tests;
|
||||
|
||||
mod csrf;
|
||||
mod config;
|
||||
mod web;
|
||||
mod database;
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
use crate::csrf;
|
||||
use crate::config;
|
||||
use crate::database;
|
||||
use crate::routes;
|
||||
|
@ -10,10 +11,9 @@ pub fn rocket(config: &config::Config) -> Result<rocket::Rocket, ()> {
|
|||
|
||||
let public_path = config.public_path()?;
|
||||
|
||||
let secret_key = config.secret_key.as_ref().unwrap().to_string();
|
||||
|
||||
let result = rocket::custom(rocket_config)
|
||||
.manage(database::create_db_pool(config))
|
||||
.attach(csrf::Fairing::new())
|
||||
.attach(Template::fairing())
|
||||
.mount("/", routes::routes())
|
||||
.mount("/", StaticFiles::new(public_path, ServeOptions::None));
|
||||
|
|
Reference in New Issue