aboutsummaryrefslogtreecommitdiff
path: root/examples/csrf/src
diff options
context:
space:
mode:
authorMartin Fischer <martin@push-f.com>2021-01-25 14:47:47 +0100
committerMartin Fischer <martin@push-f.com>2021-01-25 15:06:48 +0100
commit9fa7442e41bc11ab3d62f43f5f6e90b59e160da2 (patch)
treec61b9dee4e03037f31d3761a17c8805ccade9cdd /examples/csrf/src
parent76e92d7281b45ce506046a8946b7fde3355c485d (diff)
simplify CSRF API
This commit gets rid of the CsrfToken type, simplifying submission handling: // before let csrf_token = req.csrf_token(&mut response); let msg: FormData = body.into_form_csrf(&csrf_token).await?; // after let msg: FormData = body.into_form_csrf(req).await?; As well as HTML input retrieval: // before req.csrf_token(&mut response).html_input(); // after req.csrf_html_input(&mut response); This commit also merges the CsrfError type into CsrfProtectedFormError. bump version to 0.3.1
Diffstat (limited to 'examples/csrf/src')
-rw-r--r--examples/csrf/src/main.rs18
1 files changed, 8 insertions, 10 deletions
diff --git a/examples/csrf/src/main.rs b/examples/csrf/src/main.rs
index e7e1bfa..94fd09c 100644
--- a/examples/csrf/src/main.rs
+++ b/examples/csrf/src/main.rs
@@ -26,29 +26,27 @@ fn render_error(err: Error) -> (StatusCode, String) {
async fn route(req: &mut Parts, body: Body) -> Result<Response, Error> {
match (&req.method, req.uri.path()) {
- (&Method::GET, "/form") => get_form(req).await,
+ (&Method::GET, "/form") => Ok(get_form(req)),
(&Method::POST, "/form") => post_form(req, body).await,
_ => return Err(Error::NotFound("page not found".to_owned()))
}
}
-async fn get_form(req: &mut Parts) -> Result<Response, Error> {
+fn get_form(req: &mut Parts) -> Response {
let mut response = Builder::new();
- let csrf_token = req.csrf_token(&mut response);
- Ok(response.content_type(mime::TEXT_HTML).body(
+ let csrf_input = req.csrf_html_input(&mut response);
+ response.content_type(mime::TEXT_HTML).body(
format!("<form method=post>
- <input name=text>{}<button>Submit</button></form>", csrf_token.html_input()).into()
- ).unwrap())
+ <input name=text>{}<button>Submit</button></form>", csrf_input).into()
+ ).unwrap()
}
#[derive(Deserialize)]
struct FormData {text: String}
async fn post_form(req: &mut Parts, body: Body) -> Result<Response, Error> {
- let mut response = Builder::new();
- let csrf_token = req.csrf_token(&mut response);
- let msg: FormData = body.into_form_csrf(&csrf_token).await?;
- Ok(response.body(
+ let msg: FormData = body.into_form_csrf(req).await?;
+ Ok(Builder::new().body(
format!("hello {}", msg.text).into()
).unwrap())
}