From 901af1c43c4e85ff9e3e053fda72b8f1f40a7620 Mon Sep 17 00:00:00 2001
From: JMARyA
Date: Wed, 8 Jan 2025 20:46:01 +0100
Subject: [PATCH] update csrf

---
 src/auth/csrf.rs | 12 +++++++++++-
 src/format.rs | 1 -
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/auth/csrf.rs b/src/auth/csrf.rs
index 74cb84d..d59fa1d 100644
--- a/src/auth/csrf.rs
+++ b/src/auth/csrf.rs
@@ -1,3 +1,5 @@
+use maud::{PreEscaped, html};
+
 use super::User;
 use crate::get_pg;
 use std::str::FromStr;
@@ -5,9 +7,17 @@ use std::str::FromStr;
 pub trait CSRF {
     fn get_csrf(&self) -> impl std::future::Future;
     fn verify_csrf(&self, csrf: &str) -> impl std::future::Future;
+    fn update_csrf(&self) -> impl std::future::Future>;
 }
 
 impl CSRF for User {
+    /// Javascript to update the `value` of an element with id `csrf`.
+    ///
+    /// This is useful for htmx requests to update the CSRF token in place.
+    async fn update_csrf(&self) -> PreEscaped {
+        html! { script { (format!("document.getElementById('csrf').value = '{}';", self.get_csrf().await)) }; }
+    }
+
     /// Get CSRF Token for the current session
     async fn get_csrf(&self) -> uuid::Uuid {
         let res: (uuid::Uuid,) = sqlx::query_as("SELECT csrf FROM user_session WHERE token = $1")
@@ -21,7 +31,7 @@ impl CSRF for User {
 
     /// Verify CSRF and generate a new one
     async fn verify_csrf(&self, csrf: &str) -> bool {
-        if self.get_csrf().await == uuid::Uuid::from_str(csrf).unwrap() {
+        if self.get_csrf().await == uuid::Uuid::from_str(csrf).unwrap_or_default() {
             sqlx::query("UPDATE user_session SET csrf = gen_random_uuid() WHERE token = $1")
                 .bind(&self.session)
                 .execute(get_pg!())
diff --git a/src/format.rs b/src/format.rs
index b44f0a4..7b60d78 100644
--- a/src/format.rs
+++ b/src/format.rs
@@ -42,7 +42,6 @@ pub fn format_date(date: &chrono::NaiveDate) -> String {
 pub fn format_number(num: i32) -> String {
     let mut str = num.to_string();
     let mut result = String::new();
-    let mut count = 0;
     str = str.chars().rev().collect();
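Review bot: `update_csrf` writes the token into a JavaScript string literal inside an inline `<script>` via `format!`, and the only thing keeping that free of script injection is that `get_csrf` returns a `uuid::Uuid` whose `Display` form is hex digits and hyphens; maud's HTML escaping does not protect a JS string context, so that invariant belongs in the doc comment, e.g. `/// The token is interpolated into a JS string literal with HTML escaping only; it must stay a `Uuid` (hex and hyphens), never arbitrary text.` The snippet also dereferences `document.getElementById('csrf')` without a null check, so swapping this response into a page that lacks that element throws; `const el = document.getElementById('csrf'); if (el) el.value = '…';` makes it a harmless no-op instead. Since `verify_csrf` below rotates the stored token on every successful check, the doc comment should also say that callers must include this snippet in every response that follows a verified request, or the next htmx request is rejected with a stale token. An inline script will additionally be blocked by any CSP that omits `'unsafe-inline'`; whether one is configured is not visible here.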
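Review bot: The new `unwrap_or_default()` turns any unparsable `csrf` argument into the nil UUID `00000000-0000-0000-0000-000000000000` and then compares that against the stored value, so if a `user_session` row can ever hold the nil UUID (a column default, or a row inserted without `gen_random_uuid()` — the schema is not visible here) an empty or garbage token would verify and rotate it. Rejecting malformed input explicitly keeps the panic fix without that edge case and avoids the database round-trip for junk: `let Ok(supplied) = uuid::Uuid::from_str(csrf) else { return false; };` followed by `if self.get_csrf().await == supplied {`. The comparison is a plain `==` on `Uuid` and therefore not constant-time; that is usually acceptable for a per-session token that rotates on success, but a one-line comment recording that judgement would help the next reader. `verify_csrf`'s body continues past the end of the hunk.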