diff options
Diffstat (limited to 'examples/csrf')
| -rw-r--r-- | examples/csrf/Cargo.toml | 15 | ||||
| -rw-r--r-- | examples/csrf/src/main.rs | 87 |
2 files changed, 0 insertions, 102 deletions
diff --git a/examples/csrf/Cargo.toml b/examples/csrf/Cargo.toml deleted file mode 100644 index b6768ed..0000000 --- a/examples/csrf/Cargo.toml +++ /dev/null @@ -1,15 +0,0 @@ -[package] -name = "csrf" -version = "0.1.0" -authors = ["Martin Fischer <martin@push-f.com>"] -edition = "2018" -publish = false - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -hyper = "0.13" -sputnik = {path = "../../"} -serde = { version = "1.0", features = ["derive"] } -tokio = { version = "0.2", features = ["full"] } -thiserror = "1.0"
\ No newline at end of file diff --git a/examples/csrf/src/main.rs b/examples/csrf/src/main.rs deleted file mode 100644 index 53ea87f..0000000 --- a/examples/csrf/src/main.rs +++ /dev/null @@ -1,87 +0,0 @@ -use std::convert::Infallible; -use hyper::service::{service_fn, make_service_fn}; -use hyper::{Method, Server, StatusCode, Body}; -use hyper::http::request::Parts; -use hyper::http::response::Builder; -use serde::Deserialize; -use sputnik::{mime, request::{SputnikParts, SputnikBody, CsrfToken}, response::SputnikBuilder}; -use sputnik::request::CsrfProtectedFormError; - -type Response = hyper::Response<Body>; - -#[derive(thiserror::Error, Debug)] -enum Error { - #[error("page not found")] - NotFound(String), - #[error("{0}")] - CsrfError(#[from] CsrfProtectedFormError) -} - -fn render_error(err: Error) -> (StatusCode, String) { - match err { - Error::NotFound(msg) => (StatusCode::NOT_FOUND, msg), - Error::CsrfError(err) => (StatusCode::BAD_REQUEST, err.to_string()), - } -} - -async fn route(req: &mut Parts, body: Body) -> Result<Response, Error> { - match (&req.method, req.uri.path()) { - (&Method::GET, "/form") => Ok(get_form(req)), - (&Method::POST, "/form") => post_form(req, body).await, - _ => return Err(Error::NotFound("page not found".to_owned())) - } -} - -fn get_form(req: &mut Parts) -> Response { - Builder::new() - .content_type(mime::TEXT_HTML) - .body( - format!( - "<form method=post><input name=text>{}<button>Submit</button></form>", - CsrfToken::from_request(req).html_input() - ).into() - ).unwrap() -} - -#[derive(Deserialize)] -struct FormData {text: String} - -async fn post_form(req: &mut Parts, body: Body) -> Result<Response, Error> { - let msg: FormData = body.into_form_csrf(req).await?; - Ok(Builder::new().body( - format!("hello {}", msg.text).into() - ).unwrap()) -} - -async fn service(req: hyper::Request<hyper::Body>) -> Result<hyper::Response<hyper::Body>, Infallible> { - let (mut parts, body) = req.into_parts(); - match route(&mut parts, body).await { - Ok(mut res) => { - for (k,v) in parts.response_headers().iter() { - res.headers_mut().append(k, v.clone()); - } - Ok(res) - } - Err(err) => { - let (code, message) = render_error(err); - // you can easily wrap or log errors here - Ok(hyper::Response::builder().status(code).body(message.into()).unwrap()) - } - } -} - -#[tokio::main] -async fn main() { - let service = make_service_fn(move |_| { - async move { - Ok::<_, hyper::Error>(service_fn(move |req| { - service(req) - })) - } - }); - - let addr = ([127, 0, 0, 1], 8000).into(); - let server = Server::bind(&addr).serve(service); - println!("Listening on http://{}", addr); - server.await; -}
\ No newline at end of file |