diff options
author | Martin Fischer <martin@push-f.com> | 2021-01-25 14:47:47 +0100 |
---|---|---|
committer | Martin Fischer <martin@push-f.com> | 2021-01-25 15:06:48 +0100 |
commit | 9fa7442e41bc11ab3d62f43f5f6e90b59e160da2 (patch) | |
tree | c61b9dee4e03037f31d3761a17c8805ccade9cdd /README.md | |
parent | 76e92d7281b45ce506046a8946b7fde3355c485d (diff) |
simplify CSRF API
This commit gets rid of the CsrfToken type,
simplifying submission handling:
// before
let csrf_token = req.csrf_token(&mut response);
let msg: FormData = body.into_form_csrf(&csrf_token).await?;
// after
let msg: FormData = body.into_form_csrf(req).await?;
As well as HTML input retrieval:
// before
req.csrf_token(&mut response).html_input();
// after
req.csrf_html_input(&mut response);
This commit also merges the CsrfError type into CsrfProtectedFormError.
bump version to 0.3.1
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 18 |
1 files changed, 8 insertions, 10 deletions
@@ -51,29 +51,27 @@ fn render_error(err: Error) -> (StatusCode, String) { async fn route(req: &mut Parts, body: Body) -> Result<Response, Error> { match (&req.method, req.uri.path()) { - (&Method::GET, "/form") => get_form(req).await, + (&Method::GET, "/form") => Ok(get_form(req)), (&Method::POST, "/form") => post_form(req, body).await, _ => return Err(Error::NotFound("page not found".to_owned())) } } -async fn get_form(req: &mut Parts) -> Result<Response, Error> { +fn get_form(req: &mut Parts) -> Response { let mut response = Builder::new(); - let csrf_token = req.csrf_token(&mut response); - Ok(response.content_type(mime::TEXT_HTML).body( + let csrf_input = req.csrf_html_input(&mut response); + response.content_type(mime::TEXT_HTML).body( format!("<form method=post> - <input name=text>{}<button>Submit</button></form>", csrf_token.html_input()).into() - ).unwrap()) + <input name=text>{}<button>Submit</button></form>", csrf_input).into() + ).unwrap() } #[derive(Deserialize)] struct FormData {text: String} async fn post_form(req: &mut Parts, body: Body) -> Result<Response, Error> { - let mut response = Builder::new(); - let csrf_token = req.csrf_token(&mut response); - let msg: FormData = body.into_form_csrf(&csrf_token).await?; - Ok(response.body( + let msg: FormData = body.into_form_csrf(req).await?; + Ok(Builder::new().body( format!("hello {}", msg.text).into() ).unwrap()) } |