actix-csrf 0.7.0

CSRF middleware for Actix
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

//! Token generators and related crypto functions.

use base64::URL_SAFE_NO_PAD;
use rand::{CryptoRng, Error, Fill, RngCore};

/// Used to generate CSRF tokens.
///
/// This trait is used to generate a token that can be used as a CSRF token. It
/// is implemented for all CSRNG (Cryptographically Secure RNG) types. This
/// should not be implemented directly; instead, implement [`CryptoRng`] and
/// [`RngCore`] instead.
///
/// Implementors of this trait should generate a token that's difficult to
/// guess and is safe to store as a cookie. For blanket implementations, this
/// is 32 bytes of random data, encoded as base64 without padding.
pub trait TokenRng: CryptoRng {
    /// Generates a CSRF token.
    ///
    /// # Errors
    ///
    /// Returns an error if the underlying RNG fails to generate a token.
    fn generate_token(&mut self) -> Result<String, Error>;
}

impl<Rng: CryptoRng + RngCore> TokenRng for Rng {
    fn generate_token(&mut self) -> Result<String, Error> {
        let mut buf = [0; 32];
        buf.try_fill(self)?;
        Ok(base64::encode_config(buf, URL_SAFE_NO_PAD))
    }
}