diff --git a/modules/web/http/csrf_token.cpp b/modules/web/http/csrf_token.cpp index 670e5bff7..8a8fb622f 100644 --- a/modules/web/http/csrf_token.cpp +++ b/modules/web/http/csrf_token.cpp @@ -1,27 +1,28 @@ #include "csrf_token.h" -#include "crypto/hash/sha256.h" +#include "core/crypto/crypto_core.h" +#include "core/os/os.h" +#include "http_server_enums.h" #include "http_session.h" -#include "request.h" -#include +#include "web_server_request.h" -bool CSRFTokenWebServerMiddleware::on_before_handle_request_main(Request *request) { +bool CSRFTokenWebServerMiddleware::_on_before_handle_request_main(Ref request) { switch (request->get_method()) { - case HTTP_METHOD_POST: - case HTTP_METHOD_DELETE: - case HTTP_METHOD_PATCH: - case HTTP_METHOD_PUT: { + case HTTPServerEnums::HTTP_METHOD_POST: + case HTTPServerEnums::HTTP_METHOD_DELETE: + case HTTPServerEnums::HTTP_METHOD_PATCH: + case HTTPServerEnums::HTTP_METHOD_PUT: { if (shold_ignore(request)) { return false; } if (!request->session.is_valid()) { - request->send_error(HTTP_STATUS_CODE_401_UNAUTHORIZED); + request->send_error(HTTPServerEnums::HTTP_STATUS_CODE_401_UNAUTHORIZED); return true; } if (!request->validate_csrf_token()) { - request->send_error(HTTP_STATUS_CODE_401_UNAUTHORIZED); + request->send_error(HTTPServerEnums::HTTP_STATUS_CODE_401_UNAUTHORIZED); return true; } @@ -43,11 +44,11 @@ bool CSRFTokenWebServerMiddleware::on_before_handle_request_main(Request *reques return false; } -bool CSRFTokenWebServerMiddleware::shold_ignore(Request *request) { - const String &path = request->get_path_full(); +bool CSRFTokenWebServerMiddleware::shold_ignore(Ref request) { + String path = request->get_path_full(); for (int i = 0; i < ignored_urls.size(); ++i) { - if (path.starts_with(ignored_urls[i])) { + if (path.begins_with(ignored_urls[i])) { return true; } } @@ -56,14 +57,15 @@ bool CSRFTokenWebServerMiddleware::shold_ignore(Request *request) { } String CSRFTokenWebServerMiddleware::create_token() { - Ref h = SHA256::get(); + String s = String::num(OS::get_singleton()->get_unix_time()); - String s = h->compute(String::num(time(NULL))); - - return s.substr(0, 10); + return s.sha256_text().substr(0, 10); } CSRFTokenWebServerMiddleware::CSRFTokenWebServerMiddleware() { } CSRFTokenWebServerMiddleware::~CSRFTokenWebServerMiddleware() { } + +void CSRFTokenWebServerMiddleware::_bind_methods() { +} diff --git a/modules/web/http/csrf_token.h b/modules/web/http/csrf_token.h index 770d7b1ed..79ccbfc80 100644 --- a/modules/web/http/csrf_token.h +++ b/modules/web/http/csrf_token.h @@ -1,21 +1,21 @@ -#ifndef CSRF_TOKEN_H -#define CSRF_TOKEN_H +#ifndef CSRF_TOKEN_MIDDLEWARE_H +#define CSRF_TOKEN_MIDDLEWARE_H -#include "middleware.h" +#include "web_server_middleware.h" -#include "core/containers/vector.h" -#include "core/string.h" +#include "core/ustring.h" +#include "core/vector.h" -class Request; +class WebServerRequest; class CSRFTokenWebServerMiddleware : public WebServerMiddleware { - RCPP_OBJECT(CSRFTokenWebServerMiddleware, WebServerMiddleware); + GDCLASS(CSRFTokenWebServerMiddleware, WebServerMiddleware); public: //returnring true means handled, false means continue - bool on_before_handle_request_main(Request *request); + bool _on_before_handle_request_main(Ref request); - bool shold_ignore(Request *request); + bool shold_ignore(Ref request); virtual String create_token(); @@ -23,6 +23,9 @@ public: ~CSRFTokenWebServerMiddleware(); Vector ignored_urls; + +protected: + static void _bind_methods(); }; #endif diff --git a/modules/web/http/web_server_middleware.cpp b/modules/web/http/web_server_middleware.cpp index 970f1c50e..44038e8b2 100644 --- a/modules/web/http/web_server_middleware.cpp +++ b/modules/web/http/web_server_middleware.cpp @@ -1,15 +1,26 @@ -#include "middleware.h" +#include "web_server_middleware.h" -#include "request.h" +#include "web_server_request.h" -bool WebServerMiddleware::on_before_handle_request_main(Request *request) { +bool WebServerMiddleware::on_before_handle_request_main(Ref request) { + return call("_on_before_handle_request_main", request); +} + +bool WebServerMiddleware::_on_before_handle_request_main(Ref request) { return false; } -WebServerMiddleware::WebServerMiddleware() : - Reference() { +WebServerMiddleware::WebServerMiddleware() { } WebServerMiddleware::~WebServerMiddleware() { } + +void WebServerMiddleware::_bind_methods() { + BIND_VMETHOD(MethodInfo("_on_before_handle_request_main", PropertyInfo(Variant::OBJECT, "request", PROPERTY_HINT_RESOURCE_TYPE, "WebServerRequest"))); + + ClassDB::bind_method(D_METHOD("on_before_handle_request_main", "request"), &WebServerMiddleware::on_before_handle_request_main); + + ClassDB::bind_method(D_METHOD("_on_before_handle_request_main", "request"), &WebServerMiddleware::_on_before_handle_request_main); +} diff --git a/modules/web/http/web_server_middleware.h b/modules/web/http/web_server_middleware.h index 77554dba9..00a495d1a 100644 --- a/modules/web/http/web_server_middleware.h +++ b/modules/web/http/web_server_middleware.h @@ -1,21 +1,26 @@ -#ifndef MIDDLEWARE_H -#define MIDDLEWARE_H +#ifndef WEB_SERVRER_MIDDLEWARE_H +#define WEB_SERVRER_MIDDLEWARE_H -#include "core/string.h" +#include "core/ustring.h" #include "core/reference.h" -class Request; +class WebServerRequest; class WebServerMiddleware : public Reference { - RCPP_OBJECT(WebServerMiddleware, Reference); + GDCLASS(WebServerMiddleware, Reference); public: //returnring true means handled, false, means continue - virtual bool on_before_handle_request_main(Request *request); + bool on_before_handle_request_main(Ref request); + + virtual bool _on_before_handle_request_main(Ref request); WebServerMiddleware(); ~WebServerMiddleware(); + +protected: + static void _bind_methods(); }; #endif