From 78c4b9a7bb0ab961fa4cf24580f6f66b35fc6769 Mon Sep 17 00:00:00 2001 From: Hitalo Souza <63821277+enghitalo@users.noreply.github.com> Date: Sat, 29 Oct 2022 00:33:48 -0300 Subject: [PATCH] doc: one single file for vweb (#16248) --- vlib/vweb/README.md | 66 ++++++++++++++++++++++++++++++++++++++++ vlib/vweb/csrf/README.md | 66 ---------------------------------------- 2 files changed, 66 insertions(+), 66 deletions(-) delete mode 100644 vlib/vweb/csrf/README.md diff --git a/vlib/vweb/README.md b/vlib/vweb/README.md index e8a31698b6..b3acc75d3e 100644 --- a/vlib/vweb/README.md +++ b/vlib/vweb/README.md @@ -586,3 +586,69 @@ pub fn (mut app App) error() vweb.Result { println(app.form_error) //'vweb error: here as an error' } ``` +# Cross-Site Request Forgery (CSRF) protection +## Provides protection against Cross-Site Request Forgery + +## Usage + +When building a csrf-protected service, first of all create a `struct`that implements `csrf.App` + +```v ignore +module main + +import vweb +import vweb.csrf + +// embeds the csrf.App struct in order to empower the struct to protect against CSRF +struct App { + csrf.App +} +``` + +Start a server e.g. in the main function. + +```v ignore +fn main() { + vweb.run_at(&App{}, vweb.RunParams{ + port: 8080 + }) or { panic(err) } +} +``` + +### Enable CSRF-protection + +Then add a handler-function to define on which route or on which site the CSRF-Token shall be set. + +```v ignore +fn (mut app App) index() vweb.Result { + + // Set a Csrf-Cookie (Token will be generated automatically) + app.set_csrf_cookie() + + // Get the token-value from the csrf-cookie that was just setted + token := app.get_csrf_token() or { panic(err) } + + return app.text("Csrf-Token set! It's value is: $token") +} +``` + +If you want to set the cookies's HttpOnly-status to false in order to make it + accessible to scripts on your site, you can do it like this: +`app.set_csrf_cookie(csrf.HttpOnly{false})` +If no argument is passed the value will be set to true by default. + + +### Protect against CSRF + +If you want to protect a route or a site against CSRF just add +`app.csrf_protect()` at the beginning of the handler-function. + +```v ignore +fn (mut app App) foo() vweb.Result { + // Protect this handler-function against CSRF + app.csrf_protect() + return app.text("Checked and passed csrf-guard") +} +``` + + diff --git a/vlib/vweb/csrf/README.md b/vlib/vweb/csrf/README.md deleted file mode 100644 index 1cc23662d4..0000000000 --- a/vlib/vweb/csrf/README.md +++ /dev/null @@ -1,66 +0,0 @@ -# vweb.csrf - Provides protection against Cross-site request forgery (CSRF) -# for web apps written with vweb - -## Usage - -When building a csrf-protected service, first of all create a `struct`that implements `csrf.App` - -```v ignore -module main - -import vweb -import vweb.csrf - -// embeds the csrf.App struct in order to empower the struct to protect against CSRF -struct App { - csrf.App -} -``` - -Start a server e.g. in the main function. - -```v ignore -fn main() { - vweb.run_at(&App{}, vweb.RunParams{ - port: 8080 - }) or { panic(err) } -} -``` - -### Enable CSRF-protection - -Then add a handler-function to define on which route or on which site the CSRF-Token shall be set. - -```v ignore -fn (mut app App) index() vweb.Result { - - // Set a Csrf-Cookie (Token will be generated automatically) - app.set_csrf_cookie() - - // Get the token-value from the csrf-cookie that was just setted - token := app.get_csrf_token() or { panic(err) } - - return app.text("Csrf-Token set! It's value is: $token") -} -``` - -If you want to set the cookies's HttpOnly-status to false in order to make it - accessible to scripts on your site, you can do it like this: -`app.set_csrf_cookie(csrf.HttpOnly{false})` -If no argument is passed the value will be set to true by default. - - -### Protect against CSRF - -If you want to protect a route or a site against CSRF just add -`app.csrf_protect()` at the beginning of the handler-function. - -```v ignore -fn (mut app App) foo() vweb.Result { - // Protect this handler-function against CSRF - app.csrf_protect() - return app.text("Checked and passed csrf-guard") -} -``` - -