Library to Provide a CSRF (Cross-Site Request Forgery) protection layer. You must also include Tower_cookies in order to use this Library.
Add it to Axums via layer. ```rust
async fn main() { // Set the RUSTLOG, if it hasn't been explicitly defined if std::env::varos("RUSTLOG").isnone() { std::env::setvar("RUSTLOG", "exampletemplates=debug,towerhttp=debug") } tracing_subscriber::fmt::init();
let config = //load your config here.
let poll = init_pool(&config).unwrap();
let session_config = SqlxSessionConfig::default()
.with_database("test")
.with_table_name("test_table");
// build our application with some routes
let app = Router::new()
.route("/greet", get(greet))
.route("/check_key", post(check_key))
.layer(tower_cookies::CookieManagerLayer::new())
.layer(CsrfLayer::new(CsrfConfig::default()))
// run it
let addr = SocketAddr::from(([127, 0, 0, 1], 3000));
tracing::debug!("listening on {}", addr);
axum::Server::bind(&addr)
.serve(app.into_make_service())
.await
.unwrap();
} ```
Get the Hash for the Form to insert into the html for return. ```rust async fn greet(token: CsrfToken) -> impl IntoResponse { let keys = Keys { authenticitytoken: token.authenticitytoken(), }
HtmlTemplate(keys)
} ```
Insert it in the html form ```html
```
Add the Attribute to your form return structs ```rust
struct Keys { authenticity_token: String, // your attributes } ```
Validate the CSRF Key
rust
async fn check_key(token: CsrfToken, Form(payload): Form<Keys>,) -> &'static str {
if let Err(_) = token.verify(&payload.authenticity_token) {
"Token is invalid"
} else {
"Token is Valid lets do stuff!"
}
}