From c7d3bd087c49bdd0b33ed23ff583bf58ba705a1c Mon Sep 17 00:00:00 2001
From: Martin Fischer <martin@push-f.com>
Date: Fri, 29 Jan 2021 20:29:42 +0100
Subject: remove CSRF tokens (SameSite support is good enough)
---
examples/csrf/Cargo.toml | 15 --------
examples/csrf/src/main.rs | 87 -----------------------------------------------
2 files changed, 102 deletions(-)
delete mode 100644 examples/csrf/Cargo.toml
delete mode 100644 examples/csrf/src/main.rs
(limited to 'examples/csrf')
diff --git a/examples/csrf/Cargo.toml b/examples/csrf/Cargo.toml
deleted file mode 100644
index b6768ed..0000000
--- a/examples/csrf/Cargo.toml
+++ /dev/null
@@ -1,15 +0,0 @@
-[package]
-name = "csrf"
-version = "0.1.0"
-authors = ["Martin Fischer <martin@push-f.com>"]
-edition = "2018"
-publish = false
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
-[dependencies]
-hyper = "0.13"
-sputnik = {path = "../../"}
-serde = { version = "1.0", features = ["derive"] }
-tokio = { version = "0.2", features = ["full"] }
-thiserror = "1.0"
\ No newline at end of file
diff --git a/examples/csrf/src/main.rs b/examples/csrf/src/main.rs
deleted file mode 100644
index 53ea87f..0000000
--- a/examples/csrf/src/main.rs
+++ /dev/null
@@ -1,87 +0,0 @@
-use std::convert::Infallible;
-use hyper::service::{service_fn, make_service_fn};
-use hyper::{Method, Server, StatusCode, Body};
-use hyper::http::request::Parts;
-use hyper::http::response::Builder;
-use serde::Deserialize;
-use sputnik::{mime, request::{SputnikParts, SputnikBody, CsrfToken}, response::SputnikBuilder};
-use sputnik::request::CsrfProtectedFormError;
-
-type Response = hyper::Response<Body>;
-
-#[derive(thiserror::Error, Debug)]
-enum Error {
- #[error("page not found")]
- NotFound(String),
- #[error("{0}")]
- CsrfError(#[from] CsrfProtectedFormError)
-}
-
-fn render_error(err: Error) -> (StatusCode, String) {
- match err {
- Error::NotFound(msg) => (StatusCode::NOT_FOUND, msg),
- Error::CsrfError(err) => (StatusCode::BAD_REQUEST, err.to_string()),
- }
-}
-
-async fn route(req: &mut Parts, body: Body) -> Result<Response, Error> {
- match (&req.method, req.uri.path()) {
- (&Method::GET, "/form") => Ok(get_form(req)),
- (&Method::POST, "/form") => post_form(req, body).await,
- _ => return Err(Error::NotFound("page not found".to_owned()))
- }
-}
-
-fn get_form(req: &mut Parts) -> Response {
- Builder::new()
- .content_type(mime::TEXT_HTML)
- .body(
- format!(
- "<form method=post><input name=text>{}<button>Submit</button></form>",
- CsrfToken::from_request(req).html_input()
- ).into()
- ).unwrap()
-}
-
-#[derive(Deserialize)]
-struct FormData {text: String}
-
-async fn post_form(req: &mut Parts, body: Body) -> Result<Response, Error> {
- let msg: FormData = body.into_form_csrf(req).await?;
- Ok(Builder::new().body(
- format!("hello {}", msg.text).into()
- ).unwrap())
-}
-
-async fn service(req: hyper::Request<hyper::Body>) -> Result<hyper::Response<hyper::Body>, Infallible> {
- let (mut parts, body) = req.into_parts();
- match route(&mut parts, body).await {
- Ok(mut res) => {
- for (k,v) in parts.response_headers().iter() {
- res.headers_mut().append(k, v.clone());
- }
- Ok(res)
- }
- Err(err) => {
- let (code, message) = render_error(err);
- // you can easily wrap or log errors here
- Ok(hyper::Response::builder().status(code).body(message.into()).unwrap())
- }
- }
-}
-
-#[tokio::main]
-async fn main() {
- let service = make_service_fn(move |_| {
- async move {
- Ok::<_, hyper::Error>(service_fn(move |req| {
- service(req)
- }))
- }
- });
-
- let addr = ([127, 0, 0, 1], 8000).into();
- let server = Server::bind(&addr).serve(service);
- println!("Listening on http://{}", addr);
- server.await;
-}
\ No newline at end of file
--
cgit v1.2.3