Add working example
This commit is contained in:
parent
6b639e7434
commit
735cc43d99
24
README.md
24
README.md
|
@ -26,10 +26,18 @@ Attach [fairing](https://rocket.rs/v0.4/guide/fairings/#fairings) to the Rocket
|
|||
instance:
|
||||
|
||||
```rust
|
||||
#![feature(decl_macro)]
|
||||
|
||||
#[macro_use] extern crate rocket;
|
||||
#[macro_use] extern crate serde_derive;
|
||||
|
||||
use rocket_contrib::templates::Template;
|
||||
|
||||
fn main() {
|
||||
rocket::ignite()
|
||||
.attach(rocket_csrf::Fairing::new())
|
||||
.mount("/", routes![index, create])
|
||||
.attach(Template::fairing())
|
||||
.mount("/", routes![new, create])
|
||||
.launch();
|
||||
}
|
||||
```
|
||||
|
@ -39,8 +47,12 @@ request where you want to have access to session's CSRF token (e.g. to include
|
|||
it in forms) or verify it (e.g. to validate form):
|
||||
|
||||
```rust
|
||||
use rocket::response::Redirect;
|
||||
use rocket::request::Form;
|
||||
use rocket_contrib::templates::Template;
|
||||
|
||||
#[get("/comments/new")]
|
||||
fn index(csrf: rocket_csrf::Guard) -> Template {
|
||||
fn new(csrf: rocket_csrf::Guard) -> Template {
|
||||
// your code
|
||||
}
|
||||
|
||||
|
@ -56,7 +68,7 @@ to use it in [templates](https://rocket.rs/v0.4/guide/responses/#templates):
|
|||
|
||||
```rust
|
||||
#[get("/comments/new")]
|
||||
fn index(csrf: rocket_csrf::Guard) -> Template {
|
||||
fn new(csrf: rocket_csrf::Guard) -> Template {
|
||||
let csrf_token: String = csrf.0;
|
||||
|
||||
// your code
|
||||
|
@ -90,14 +102,16 @@ authenticity token:
|
|||
```rust
|
||||
#[post("/comments", data = "<form>")]
|
||||
fn create(csrf: rocket_csrf::Guard, form: Form<Comment>) -> Redirect {
|
||||
if Err(_) = csrf.verify(form.authenticity_token) {
|
||||
return Redirect::to(uri!(index));
|
||||
if let Err(_) = csrf.verify(&form.authenticity_token) {
|
||||
return Redirect::to(uri!(new));
|
||||
}
|
||||
|
||||
// your code
|
||||
}
|
||||
```
|
||||
|
||||
See the complete code in [minimal example](examples/minimal).
|
||||
|
||||
|
||||
|
||||
TODO
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
/target/
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,13 @@
|
|||
[package]
|
||||
name = "rocket_csrf_example_minimal"
|
||||
version = "0.0.0"
|
||||
authors = ["Alex Kotov <kotovalexarian@gmail.com>"]
|
||||
edition = "2018"
|
||||
publish = false
|
||||
|
||||
[dependencies]
|
||||
rocket = "^0.4.5"
|
||||
rocket_csrf = { path = "../.." }
|
||||
rocket_contrib = { version = "^0.4.5", features = ["handlebars_templates"] }
|
||||
serde = "^1.0.117"
|
||||
serde_derive = "^1.0.117"
|
|
@ -0,0 +1,45 @@
|
|||
#![feature(decl_macro)]
|
||||
|
||||
#[macro_use] extern crate rocket;
|
||||
#[macro_use] extern crate serde_derive;
|
||||
|
||||
use rocket::response::Redirect;
|
||||
use rocket::request::Form;
|
||||
use rocket_contrib::templates::Template;
|
||||
|
||||
#[derive(Serialize)]
|
||||
struct TemplateContext {
|
||||
csrf_token: String,
|
||||
}
|
||||
|
||||
#[derive(FromForm)]
|
||||
struct Comment {
|
||||
authenticity_token: String,
|
||||
text: String,
|
||||
}
|
||||
|
||||
fn main() {
|
||||
rocket::ignite()
|
||||
.attach(rocket_csrf::Fairing::new())
|
||||
.attach(Template::fairing())
|
||||
.mount("/", routes![new, create])
|
||||
.launch();
|
||||
}
|
||||
|
||||
#[get("/comments/new")]
|
||||
fn new(csrf: rocket_csrf::Guard) -> Template {
|
||||
let template_context = TemplateContext {
|
||||
csrf_token: csrf.0,
|
||||
};
|
||||
|
||||
Template::render("comments/new", &template_context)
|
||||
}
|
||||
|
||||
#[post("/comments", data = "<form>")]
|
||||
fn create(csrf: rocket_csrf::Guard, form: Form<Comment>) -> Redirect {
|
||||
if let Err(_) = csrf.verify(&form.authenticity_token) {
|
||||
return Redirect::to(uri!(new));
|
||||
}
|
||||
|
||||
Redirect::to(uri!(new))
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
<form method="post" action="/comments">
|
||||
<input type="hidden" name="authenticity_token" value="{{ csrf_token }}"/>
|
||||
<input type="text" name="text"/>
|
||||
<button type="submit">Submit</button>
|
||||
</form>
|
Loading…
Reference in New Issue