Library to provide a CSRF (Cross-Site Request Forgery) protection layer.
Add it to Axum via a layer.

```rust
use std::net::SocketAddr;

use axum::{
    routing::{get, post},
    Router,
};
use axum_csrf::{CsrfConfig, CsrfLayer};

#[tokio::main]
async fn main() {
    let config = // load your config here.
    let pool = init_pool(&config).unwrap();

    let session_config = SqlxSessionConfig::default()
        .with_database("test")
        .with_table_name("test_table");

    // build our application with some routes
    let app = Router::new()
        .route("/greet", get(greet))
        .route("/check_key", post(check_key))
        .layer(CsrfLayer::new(CsrfConfig::default()));

    // run it
    let addr = SocketAddr::from(([127, 0, 0, 1], 3000));
    axum::Server::bind(&addr)
        .serve(app.into_make_service())
        .await
        .unwrap();
}
```
If you already have an encryption key for private cookies, build the layer a different way:

```rust
let cookie_key = cookie::Key::generate(); // or from()/derive_from()

let csrf_layer = CsrfLayer::build()
    .config(CsrfConfig::default())
    .key(cookie_key)
    .finish();

let app = Router::new()
    // ...
    .layer(csrf_layer);
```
Get the hash for the form so it can be inserted into the HTML you return.

```rust
async fn greet(token: CsrfToken) -> impl IntoResponse {
    let keys = Keys {
        authenticity_token: token.authenticity_token(),
    };

    // We must return the token so that into_response will run and add it to our response cookies.
    (token, HtmlTemplate(keys))
}
```
Insert it in the HTML form.

```html
```
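Add the attribute to your form return structs.

```rust
use serde::Deserialize;

// The Form extractor needs Deserialize to parse the posted fields.
#[derive(Deserialize)]
struct Keys {
    authenticity_token: String,
    // your attributes
}
```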
Validate the CSRF key.

```rust
async fn check_key(token: CsrfToken, Form(payload): Form<Keys>) -> &'static str {
    // verify() compares the submitted form value against the token carried in the cookie.
    if token.verify(&payload.authenticity_token).is_err() {
        "Token is invalid"
    } else {
        "Token is Valid lets do stuff!"
    }
}
```
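The hidden form field that the "insert it in the HTML form" step relies on, sketched as an added example (not the library's own code or template). `render_form` and `escape_attr` are hypothetical helpers written without a template engine, and the token value in `main` is constructed; the field name and the `/check_key` route are the ones used above.

```rust
/// Escape a value for use inside a double-quoted HTML attribute.
fn escape_attr(value: &str) -> String {
    let mut out = String::with_capacity(value.len());
    for c in value.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// Render a POST form that carries the CSRF token in a hidden field.
/// The field name must be `authenticity_token`, because `Form<Keys>` in
/// `check_key` deserializes the posted body by field name.
fn render_form(action: &str, authenticity_token: &str) -> String {
    format!(
        r#"<form method="post" action="{}">
  <input type="hidden" name="authenticity_token" value="{}"/>
  <input type="submit" value="Submit"/>
</form>"#,
        escape_attr(action),
        escape_attr(authenticity_token),
    )
}

fn main() {
    // Constructed sample value; in `greet` it comes from token.authenticity_token().
    let html = render_form("/check_key", "sample+token/value==");
    println!("{}", html);
}
```

If the hidden field is missing or named differently, the `Form<Keys>` extractor rejects the POST before `check_key` ever calls `verify`.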
If you need help with this library please go to our Discord Group