1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55
//! Ergonomic CSRF protection for Rocket applications.
//!
//! The main macro [`with_csrf_token`] enables CSRF protection for a given [`rocket::form::Form`].
//! Slap on a double submit cookie or a session based CSRF token and you're good to go.
//! Look at the examples/ folder for more detailed examples of all the functionality in a test app.
mod cookie;
mod form;
mod header;
mod proof;
mod token;
mod util;
mod verifier;
#[cfg(test)]
extern crate rocket;
#[cfg(test)]
mod example_app;
#[cfg(test)]
mod tests;
/// Macro to enable CSRF protection for a given [`rocket::form::Form`].
///
/// By default, it will add a String field called `csrf_token` and implement
/// [`WithUserProvidedCsrfToken`] so that the form can integrate
/// with the rest of the `rocket_csrf_guard` ecosystem for CSRF checks.
///
/// The behavior of this macro can be customized a little:
///
/// 1. If the form has a singular lifetime `'a`, the generated `csrf_token` field
/// will be of type `&'a str`
/// 2. If you would like to use a different name for the field, pass it as an argument,
/// like `#[with_csrf_token("field_name")]`
/// 3. If there is a pre-existing field with the specified (or default) name, no field
/// will be added - it will just implement the [`WithUserProvidedCsrfToken`] trait.
///
/// For more detailed examples, look at the `derive_` examples in the examples/ folder.
pub use rocket_csrf_guard_derive::with_csrf_token;
pub use cookie::{
DoubleSubmitCookieCsrfToken, SetDoubleSubmitCookieCsrfToken, SetLaxDoubleSubmitCookieCsrfToken,
SetNoneDoubleSubmitCookieCsrfToken_DO_NOT_USE_UNLESS_YOU_ARE_SURE,
DOUBLE_SUBMIT_CSRF_TOKEN_COOKIE_NAME,
};
pub use form::{CsrfProtectedForm, CsrfProtectedFormError, CsrfProtectedFormWithGuard};
pub use header::{
CheckCsrfProtectionHeader, CheckCsrfProtectionHeaderError, CsrfTokenSourcedFromHeader,
};
pub use proof::CsrfCheckProof;
pub use token::{
ManuallySourcedCsrfToken_DO_NOT_USE_UNLESS_YOU_ARE_SURE, WithUserProvidedCsrfToken,
};
pub use verifier::{CsrfTokenVerificationError, CsrfTokenVerifier, VerifierWithKnownExpectedToken};
pub type DoubleSubmitCookieCsrfProtectedForm<F> = CsrfProtectedForm<DoubleSubmitCookieCsrfToken, F>;