aboutsummaryrefslogtreecommitdiff
path: root/examples/csrf/src/main.rs
diff options
context:
space:
mode:
authorMartin Fischer <martin@push-f.com>2021-01-29 20:29:42 +0100
committerMartin Fischer <martin@push-f.com>2021-01-29 20:35:27 +0100
commitc7d3bd087c49bdd0b33ed23ff583bf58ba705a1c (patch)
treec79624f5211438551583bec1638d2787d36277a2 /examples/csrf/src/main.rs
parent10b5cd07f07cefd15450001375cd1c3e6927cc8a (diff)
remove CSRF tokens (SameSite support is good enough)
Diffstat (limited to 'examples/csrf/src/main.rs')
-rw-r--r--examples/csrf/src/main.rs87
1 files changed, 0 insertions, 87 deletions
diff --git a/examples/csrf/src/main.rs b/examples/csrf/src/main.rs
deleted file mode 100644
index 53ea87f..0000000
--- a/examples/csrf/src/main.rs
+++ /dev/null
@@ -1,87 +0,0 @@
-use std::convert::Infallible;
-use hyper::service::{service_fn, make_service_fn};
-use hyper::{Method, Server, StatusCode, Body};
-use hyper::http::request::Parts;
-use hyper::http::response::Builder;
-use serde::Deserialize;
-use sputnik::{mime, request::{SputnikParts, SputnikBody, CsrfToken}, response::SputnikBuilder};
-use sputnik::request::CsrfProtectedFormError;
-
-type Response = hyper::Response<Body>;
-
-#[derive(thiserror::Error, Debug)]
-enum Error {
- #[error("page not found")]
- NotFound(String),
- #[error("{0}")]
- CsrfError(#[from] CsrfProtectedFormError)
-}
-
-fn render_error(err: Error) -> (StatusCode, String) {
- match err {
- Error::NotFound(msg) => (StatusCode::NOT_FOUND, msg),
- Error::CsrfError(err) => (StatusCode::BAD_REQUEST, err.to_string()),
- }
-}
-
-async fn route(req: &mut Parts, body: Body) -> Result<Response, Error> {
- match (&req.method, req.uri.path()) {
- (&Method::GET, "/form") => Ok(get_form(req)),
- (&Method::POST, "/form") => post_form(req, body).await,
- _ => return Err(Error::NotFound("page not found".to_owned()))
- }
-}
-
-fn get_form(req: &mut Parts) -> Response {
- Builder::new()
- .content_type(mime::TEXT_HTML)
- .body(
- format!(
- "<form method=post><input name=text>{}<button>Submit</button></form>",
- CsrfToken::from_request(req).html_input()
- ).into()
- ).unwrap()
-}
-
-#[derive(Deserialize)]
-struct FormData {text: String}
-
-async fn post_form(req: &mut Parts, body: Body) -> Result<Response, Error> {
- let msg: FormData = body.into_form_csrf(req).await?;
- Ok(Builder::new().body(
- format!("hello {}", msg.text).into()
- ).unwrap())
-}
-
-async fn service(req: hyper::Request<hyper::Body>) -> Result<hyper::Response<hyper::Body>, Infallible> {
- let (mut parts, body) = req.into_parts();
- match route(&mut parts, body).await {
- Ok(mut res) => {
- for (k,v) in parts.response_headers().iter() {
- res.headers_mut().append(k, v.clone());
- }
- Ok(res)
- }
- Err(err) => {
- let (code, message) = render_error(err);
- // you can easily wrap or log errors here
- Ok(hyper::Response::builder().status(code).body(message.into()).unwrap())
- }
- }
-}
-
-#[tokio::main]
-async fn main() {
- let service = make_service_fn(move |_| {
- async move {
- Ok::<_, hyper::Error>(service_fn(move |req| {
- service(req)
- }))
- }
- });
-
- let addr = ([127, 0, 0, 1], 8000).into();
- let server = Server::bind(&addr).serve(service);
- println!("Listening on http://{}", addr);
- server.await;
-} \ No newline at end of file