Added expires set via config. Reverted time library to older version. Newest Rocket 5 uses new Time format. Fixed formatting
parent
ff0b8e6c73
commit
ba5523d402
|
@ -16,5 +16,5 @@ publish = true
|
|||
base64 = { version = "0.13.0" }
|
||||
rand = { version = "0.8.3" }
|
||||
rocket = { version = "0.4.6", features = ["private-cookies"] }
|
||||
time = "0.2.25"
|
||||
time = "0.1.38"
|
||||
bcrypt = "0.9"
|
23
src/lib.rs
23
src/lib.rs
|
@ -1,3 +1,4 @@
|
|||
use bcrypt::{hash, verify, DEFAULT_COST};
|
||||
use rand::{distributions::Standard, Rng};
|
||||
use rocket::{
|
||||
fairing::{Fairing as RocketFairing, Info, Kind},
|
||||
|
@ -5,7 +6,6 @@ use rocket::{
|
|||
request::{FromRequest, Outcome},
|
||||
Data, Request, Rocket, State,
|
||||
};
|
||||
use bcrypt::{hash, verify, DEFAULT_COST};
|
||||
use std::borrow::Cow;
|
||||
use time::Duration;
|
||||
|
||||
|
@ -28,7 +28,7 @@ impl Default for CsrfConfig {
|
|||
fn default() -> Self {
|
||||
Self {
|
||||
/// Set to 6hour for default in Database Session stores.
|
||||
lifespan: Duration::day(),
|
||||
lifespan: Duration::days(1),
|
||||
cookie_name: "csrf_token".into(),
|
||||
cookie_len: 32,
|
||||
}
|
||||
|
@ -116,13 +116,22 @@ impl RocketFairing for Fairing {
|
|||
return;
|
||||
}
|
||||
|
||||
let values: Vec<u8> = rand::thread_rng().sample_iter(Standard).take(config.cookie_len).collect();
|
||||
let values: Vec<u8> = rand::thread_rng()
|
||||
.sample_iter(Standard)
|
||||
.take(config.cookie_len)
|
||||
.collect();
|
||||
let encoded = base64::encode(&values[..]);
|
||||
|
||||
request
|
||||
.cookies()
|
||||
.add_private(Cookie::new(config.cookie_name.clone(), encoded));
|
||||
}
|
||||
//This changed in the latest Rocket so it will be nicer when it is switched.
|
||||
let mut now = time::now_utc();
|
||||
now = now + config.lifespan;
|
||||
|
||||
request.cookies().add_private(
|
||||
Cookie::build(config.cookie_name.clone(), encoded)
|
||||
.expires(now)
|
||||
.finish(),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
impl<'a, 'r> FromRequest<'a, 'r> for CsrfToken {
|
||||
|
|
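Review bot: The CSRF cookie built at `Cookie::build(config.cookie_name.clone(), encoded).expires(now).finish()` never gets the Secure attribute, so on a site reachable over both HTTP and HTTPS the browser will also send it on plaintext requests. As far as I recall, Rocket 0.4's `add_private` only fills in path, HttpOnly, SameSite and a default expiry when they are unset, so I would add `.secure(true)` before `.finish()`, ideally controlled by a `CsrfConfig` option so plain-HTTP development still works. `config.lifespan` is added to `time::now_utc()` unchecked; a zero or negative duration yields an already-expired cookie, which presumably forces a fresh token on every request, so rejecting non-positive values when the config is built would be safer. The default's doc comment still says `Set to 6hour` while the value is `Duration::days(1)`; one of the two should be corrected. The enclosing fairing method starts outside the hunk, so the condition guarding the early `return;` is not visible here.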