File tree 2 files changed +12
-13
lines changed
2 files changed +12
-13
lines changed Original file line number Diff line number Diff line change 3434function OnHttpRequest ()
3535 Params = GetParams ()
3636 PrepareMultiPartParams () -- if you handle file uploads
37- GenerateCSRFToken ()
3837
3938 -- Remove code if you do not use arangodb
4039 if (db_config ~= nil and db_config [" engine" == " arangodb" then
Original file line number Diff line number Diff line change 11CSRFToken = EncodeBase64 (GetRandomBytes (64 ))
22
3- GenerateCSRFToken = function ()
4- CSRFToken = EncodeBase64 (GetRandomBytes (64 ))
3+ CheckCSRFToken = function ()
4+ if GetMethod () == " POST" then
5+ local crypted_token = EncodeBase64 (GetCryptoHash (" SHA256" GetBodyParams ()[" authenticity_token" ENV [' SECRET_KEY'
6+ print (GetBodyParams ()[" authenticity_token" crypted_token , GetCookie (" _authenticity_token"
7+ assert (crypted_token == GetCookie (" _authenticity_token"
8+ end
9+ end
10+
11+ AuthenticityTokenTag = function ()
512 if GetCookie (" _authenticity_token" == nil then
13+ CSRFToken = EncodeBase64 (GetRandomBytes (64 ))
14+ print (CSRFToken , EncodeBase64 (GetCryptoHash (" SHA256" CSRFToken , ENV [' SECRET_KEY'
615 SetCookie (
716 " _authenticity_token"
8- EncodeBase64 (GetRandomBytes ( 64 )),
17+ EncodeBase64 (GetCryptoHash ( " SHA256 " , CSRFToken , ENV [ ' SECRET_KEY ' ] )),
918 {
1019 HttpOnly = true ,
1120 MaxAge = 60 * 30 ,
1221 SameSite = " Strict"
1322 } -- available for 30 minutes
1423 )
1524 end
16- end
17-
18- CheckCSRFToken = function ()
19- if GetMethod () == " POST" then
20- assert (GetBodyParams ()[" authenticity_token" == GetCookie (" _authenticity_token"
21- end
22- end
23-
24- AuthenticityTokenTag = function ()
2525 return ' <input type="hidden" name="authenticity_token" value="' .. CSRFToken .. ' " />'
2626end
You can’t perform that action at this time.
0 commit comments