Add working example
parent
6b639e7434
commit
735cc43d99
24
README.md
24
README.md
|
@ -26,10 +26,18 @@ Attach [fairing](https://rocket.rs/v0.4/guide/fairings/#fairings) to the Rocket
|
||||||
instance:
|
instance:
|
||||||
|
|
||||||
```rust
|
```rust
|
||||||
|
#![feature(decl_macro)]
|
||||||
|
|
||||||
|
#[macro_use] extern crate rocket;
|
||||||
|
#[macro_use] extern crate serde_derive;
|
||||||
|
|
||||||
|
use rocket_contrib::templates::Template;
|
||||||
|
|
||||||
fn main() {
|
fn main() {
|
||||||
rocket::ignite()
|
rocket::ignite()
|
||||||
.attach(rocket_csrf::Fairing::new())
|
.attach(rocket_csrf::Fairing::new())
|
||||||
.mount("/", routes![index, create])
|
.attach(Template::fairing())
|
||||||
|
.mount("/", routes![new, create])
|
||||||
.launch();
|
.launch();
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
@ -39,8 +47,12 @@ request where you want to have access to session's CSRF token (e.g. to include
|
||||||
it in forms) or verify it (e.g. to validate form):
|
it in forms) or verify it (e.g. to validate form):
|
||||||
|
|
||||||
```rust
|
```rust
|
||||||
|
use rocket::response::Redirect;
|
||||||
|
use rocket::request::Form;
|
||||||
|
use rocket_contrib::templates::Template;
|
||||||
|
|
||||||
#[get("/comments/new")]
|
#[get("/comments/new")]
|
||||||
fn index(csrf: rocket_csrf::Guard) -> Template {
|
fn new(csrf: rocket_csrf::Guard) -> Template {
|
||||||
// your code
|
// your code
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -56,7 +68,7 @@ to use it in [templates](https://rocket.rs/v0.4/guide/responses/#templates):
|
||||||
|
|
||||||
```rust
|
```rust
|
||||||
#[get("/comments/new")]
|
#[get("/comments/new")]
|
||||||
fn index(csrf: rocket_csrf::Guard) -> Template {
|
fn new(csrf: rocket_csrf::Guard) -> Template {
|
||||||
let csrf_token: String = csrf.0;
|
let csrf_token: String = csrf.0;
|
||||||
|
|
||||||
// your code
|
// your code
|
||||||
|
@ -90,14 +102,16 @@ authenticity token:
|
||||||
```rust
|
```rust
|
||||||
#[post("/comments", data = "<form>")]
|
#[post("/comments", data = "<form>")]
|
||||||
fn create(csrf: rocket_csrf::Guard, form: Form<Comment>) -> Redirect {
|
fn create(csrf: rocket_csrf::Guard, form: Form<Comment>) -> Redirect {
|
||||||
if Err(_) = csrf.verify(form.authenticity_token) {
|
if let Err(_) = csrf.verify(&form.authenticity_token) {
|
||||||
return Redirect::to(uri!(index));
|
return Redirect::to(uri!(new));
|
||||||
}
|
}
|
||||||
|
|
||||||
// your code
|
// your code
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
See the complete code in [minimal example](examples/minimal).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
TODO
|
TODO
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
/target/
|
File diff suppressed because it is too large
|
@ -0,0 +1,13 @@
|
||||||
|
[package]
|
||||||
|
name = "rocket_csrf_example_minimal"
|
||||||
|
version = "0.0.0"
|
||||||
|
authors = ["Alex Kotov <kotovalexarian@gmail.com>"]
|
||||||
|
edition = "2018"
|
||||||
|
publish = false
|
||||||
|
|
||||||
|
[dependencies]
|
||||||
|
rocket = "^0.4.5"
|
||||||
|
rocket_csrf = { path = "../.." }
|
||||||
|
rocket_contrib = { version = "^0.4.5", features = ["handlebars_templates"] }
|
||||||
|
serde = "^1.0.117"
|
||||||
|
serde_derive = "^1.0.117"
|
|
@ -0,0 +1,45 @@
|
||||||
|
#![feature(decl_macro)]
|
||||||
|
|
||||||
|
#[macro_use] extern crate rocket;
|
||||||
|
#[macro_use] extern crate serde_derive;
|
||||||
|
|
||||||
|
use rocket::response::Redirect;
|
||||||
|
use rocket::request::Form;
|
||||||
|
use rocket_contrib::templates::Template;
|
||||||
|
|
||||||
|
#[derive(Serialize)]
|
||||||
|
struct TemplateContext {
|
||||||
|
csrf_token: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(FromForm)]
|
||||||
|
struct Comment {
|
||||||
|
authenticity_token: String,
|
||||||
|
text: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
fn main() {
|
||||||
|
rocket::ignite()
|
||||||
|
.attach(rocket_csrf::Fairing::new())
|
||||||
|
.attach(Template::fairing())
|
||||||
|
.mount("/", routes![new, create])
|
||||||
|
.launch();
|
||||||
|
}
|
||||||
|
|
||||||
|
#[get("/comments/new")]
|
||||||
|
fn new(csrf: rocket_csrf::Guard) -> Template {
|
||||||
|
let template_context = TemplateContext {
|
||||||
|
csrf_token: csrf.0,
|
||||||
|
};
|
||||||
|
|
||||||
|
Template::render("comments/new", &template_context)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[post("/comments", data = "<form>")]
|
||||||
|
fn create(csrf: rocket_csrf::Guard, form: Form<Comment>) -> Redirect {
|
||||||
|
if let Err(_) = csrf.verify(&form.authenticity_token) {
|
||||||
|
return Redirect::to(uri!(new));
|
||||||
|
}
|
||||||
|
|
||||||
|
Redirect::to(uri!(new))
|
||||||
|
}
|
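Review bot: In `create`, the branch taken when `csrf.verify` fails and the normal path both return `Redirect::to(uri!(new))`, so a request rejected for a bad `authenticity_token` looks exactly like an accepted one to the client and leaves no trace for whoever is watching the service. For an example meant to show the check working, make the rejection visible: change the return type to `Result<Redirect, rocket::http::Status>`, use `return Err(rocket::http::Status::Forbidden);` in the failure branch and end with `Ok(Redirect::to(uri!(new)))`. The check itself reads more directly as `if csrf.verify(&form.authenticity_token).is_err() {`. `Comment.text` is parsed but never read, so a one-line comment marking where a real handler would use it only after verification succeeds would help readers copy the pattern correctly.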
|
@ -0,0 +1,5 @@
|
||||||
|
<form method="post" action="/comments">
|
||||||
|
<input type="hidden" name="authenticity_token" value="{{ csrf_token }}"/>
|
||||||
|
<input type="text" name="text"/>
|
||||||
|
<button type="submit">Submit</button>
|
||||||
|
</form>
|