From 9fa7442e41bc11ab3d62f43f5f6e90b59e160da2 Mon Sep 17 00:00:00 2001
From: Martin Fischer <martin@push-f.com>
Date: Mon, 25 Jan 2021 14:47:47 +0100
Subject: simplify CSRF API

This commit gets rid of the CsrfToken type,
simplifying submission handling:

  // before
  let csrf_token = req.csrf_token(&mut response);
  let msg: FormData = body.into_form_csrf(&csrf_token).await?;

  // after
  let msg: FormData = body.into_form_csrf(req).await?;

As well as HTML input retrieval:

  // before
  req.csrf_token(&mut response).html_input();

  // after
  req.csrf_html_input(&mut response);

This commit also merges the CsrfError type into CsrfProtectedFormError.

bump version to 0.3.1
---
 examples/csrf/src/main.rs | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

(limited to 'examples/csrf')

diff --git a/examples/csrf/src/main.rs b/examples/csrf/src/main.rs
index e7e1bfa..94fd09c 100644
--- a/examples/csrf/src/main.rs
+++ b/examples/csrf/src/main.rs
@@ -26,29 +26,27 @@ fn render_error(err: Error) -> (StatusCode, String) {
 
 async fn route(req: &mut Parts, body: Body) -> Result<Response, Error> {
     match (&req.method, req.uri.path()) {
-        (&Method::GET, "/form") => get_form(req).await,
+        (&Method::GET, "/form") => Ok(get_form(req)),
         (&Method::POST, "/form") => post_form(req, body).await,
         _ => return Err(Error::NotFound("page not found".to_owned()))
     }
 }
 
-async fn get_form(req: &mut Parts) -> Result<Response, Error> {
+fn get_form(req: &mut Parts) -> Response {
     let mut response = Builder::new();
-    let csrf_token = req.csrf_token(&mut response);
-    Ok(response.content_type(mime::TEXT_HTML).body(
+    let csrf_input = req.csrf_html_input(&mut response);
+    response.content_type(mime::TEXT_HTML).body(
         format!("<form method=post>
-        <input name=text>{}<button>Submit</button></form>", csrf_token.html_input()).into()
-    ).unwrap())
+        <input name=text>{}<button>Submit</button></form>", csrf_input).into()
+    ).unwrap()
 }
 
 #[derive(Deserialize)]
 struct FormData {text: String}
 
 async fn post_form(req: &mut Parts, body: Body) -> Result<Response, Error> {
-    let mut response = Builder::new();
-    let csrf_token = req.csrf_token(&mut response);
-    let msg: FormData = body.into_form_csrf(&csrf_token).await?;
-    Ok(response.body(
+    let msg: FormData = body.into_form_csrf(req).await?;
+    Ok(Builder::new().body(
         format!("hello {}", msg.text).into()
     ).unwrap())
 }
-- 
cgit v1.2.3