Compare commits
2 commits
86dbdcf75d
...
901af1c43c
| Author | SHA1 | Date | |
|---|---|---|---|
901af1c43c
|
|||
|
dde84caa53
|
3 changed files with 25 additions and 5 deletions
|
|
@ -1,3 +1,5 @@
|
||||||
|
use maud::{PreEscaped, html};
|
||||||
|
|
||||||
use super::User;
|
use super::User;
|
||||||
use crate::get_pg;
|
use crate::get_pg;
|
||||||
use std::str::FromStr;
|
use std::str::FromStr;
|
||||||
|
|
@ -5,9 +7,17 @@ use std::str::FromStr;
|
||||||
pub trait CSRF {
|
pub trait CSRF {
|
||||||
fn get_csrf(&self) -> impl std::future::Future<Output = uuid::Uuid>;
|
fn get_csrf(&self) -> impl std::future::Future<Output = uuid::Uuid>;
|
||||||
fn verify_csrf(&self, csrf: &str) -> impl std::future::Future<Output = bool>;
|
fn verify_csrf(&self, csrf: &str) -> impl std::future::Future<Output = bool>;
|
||||||
|
fn update_csrf(&self) -> impl std::future::Future<Output = PreEscaped<String>>;
|
||||||
}
|
}
|
||||||
|
|
||||||
impl CSRF for User {
|
impl CSRF for User {
|
||||||
|
/// Javascript to update the `value` of an element with id `csrf`.
|
||||||
|
///
|
||||||
|
/// This is useful for htmx requests to update the CSRF token in place.
|
||||||
|
async fn update_csrf(&self) -> PreEscaped<String> {
|
||||||
|
html! { script { (format!("document.getElementById('csrf').value = '{}';", self.get_csrf().await)) }; }
|
||||||
|
}
|
||||||
|
|
||||||
/// Get CSRF Token for the current session
|
/// Get CSRF Token for the current session
|
||||||
async fn get_csrf(&self) -> uuid::Uuid {
|
async fn get_csrf(&self) -> uuid::Uuid {
|
||||||
let res: (uuid::Uuid,) = sqlx::query_as("SELECT csrf FROM user_session WHERE token = $1")
|
let res: (uuid::Uuid,) = sqlx::query_as("SELECT csrf FROM user_session WHERE token = $1")
|
||||||
|
|
@ -21,7 +31,7 @@ impl CSRF for User {
|
||||||
|
|
||||||
/// Verify CSRF and generate a new one
|
/// Verify CSRF and generate a new one
|
||||||
async fn verify_csrf(&self, csrf: &str) -> bool {
|
async fn verify_csrf(&self, csrf: &str) -> bool {
|
||||||
if self.get_csrf().await == uuid::Uuid::from_str(csrf).unwrap() {
|
if self.get_csrf().await == uuid::Uuid::from_str(csrf).unwrap_or_default() {
|
||||||
sqlx::query("UPDATE user_session SET csrf = gen_random_uuid() WHERE token = $1")
|
sqlx::query("UPDATE user_session SET csrf = gen_random_uuid() WHERE token = $1")
|
||||||
.bind(&self.session)
|
.bind(&self.session)
|
||||||
.execute(get_pg!())
|
.execute(get_pg!())
|
||||||
|
|
|
||||||
|
|
@ -36,12 +36,23 @@ pub fn format_date(date: &chrono::NaiveDate) -> String {
|
||||||
///
|
///
|
||||||
/// let number = 12345;
|
/// let number = 12345;
|
||||||
/// let formatted = format_number(number);
|
/// let formatted = format_number(number);
|
||||||
/// assert_eq!(formatted, "12345");
|
/// assert_eq!(formatted, "12.345");
|
||||||
/// ```
|
/// ```
|
||||||
#[must_use]
|
#[must_use]
|
||||||
pub fn format_number(num: i32) -> String {
|
pub fn format_number(num: i32) -> String {
|
||||||
// TODO : Implement custom formatting
|
let mut str = num.to_string();
|
||||||
num.to_string()
|
let mut result = String::new();
|
||||||
|
|
||||||
|
str = str.chars().rev().collect();
|
||||||
|
|
||||||
|
for (i, c) in str.chars().enumerate() {
|
||||||
|
if i != 0 && i % 3 == 0 {
|
||||||
|
result.push('.');
|
||||||
|
}
|
||||||
|
result.push(c);
|
||||||
|
}
|
||||||
|
|
||||||
|
result.chars().rev().collect()
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Converts a number of seconds into a formatted string in `HH:MM:SS` or `MM:SS` format.
|
/// Converts a number of seconds into a formatted string in `HH:MM:SS` or `MM:SS` format.
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,6 @@ pub mod page;
|
||||||
pub mod request;
|
pub mod request;
|
||||||
pub mod result;
|
pub mod result;
|
||||||
|
|
||||||
// TODO : API Pagination?
|
|
||||||
// TODO : CORS?
|
// TODO : CORS?
|
||||||
|
|
||||||
// Postgres
|
// Postgres
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue