1
0
mirror of https://github.com/vlang/v.git synced 2023-08-10 21:13:21 +03:00
v/vlib/vweb/csrf/create_cookie.v

57 lines
1.6 KiB
V

module csrf
import rand
const chars = 'QWERTZUIOPASDFGHJKLYXCVBNMqwertzuiopasdfghjklyxcvbnm1234567890_-'
const cookie_key = '__Host-Csrf-Token'
// set_csrf_cookie - generates a CSRF-Token and sets the CSRF-Cookie. It is possible to set the HttpOnly-status of the cookie to false by adding an argument of the HttpOnly-struct like this:
// `app.set_csrf_cookie(csrf.HttpOnly{false})`
// If no argument is set, http_only will be set to `true`by default.
pub fn (mut app App) set_csrf_cookie(h ...HttpOnly) App {
mut http_only := true
if h.len > 0 {
http_only = h[0].http_only
}
cookie := create_cookie(http_only)
app = App{app.Context, cookie.value}
app.set_cookie(cookie)
return app
}
// generate - generates the CSRF-Token
fn generate() string {
mut out := ''
for _ in 0 .. 42 {
i := rand.intn(csrf.chars.len_utf8()) or {
panic('Error while trying to generate Csrf-Token: $err')
}
out = out + csrf.chars[i..i + 1]
}
return out
}
// create_cookie - creates the cookie
fn create_cookie(h bool) CsrfCookie {
return CsrfCookie{
name: csrf.cookie_key
value: generate()
path: '/'
max_age: 0
secure: true
http_only: h
}
}
// get_csrf_token - returns the CSRF-Token that has been set. Make sure that you set one by using `set_csrf_cookie()`. If it's value is empty or no cookie has been generated, the function will throw an error.
pub fn (mut app App) get_csrf_token() ?string {
if app.csrf_cookie_value != '' {
return app.csrf_cookie_value
} else {
return IError(CsrfError{
m: 'The CSRF-Token-Value is empty. Please check if you have setted a cookie!'
})
}
}