Core support for csrf tokens.
parent
a119251e09
commit
3c8d2eaed9
@ -1,6 +1,8 @@
|
||||
#include "html_builder.h"
|
||||
#include "core/string.h"
|
||||
|
||||
#include "core/http/request.h"
|
||||
|
||||
HTMLTag *HTMLTag::str(const String &str) {
|
||||
result += " " + str;
|
||||
|
||||
@ -796,7 +798,7 @@ HTMLTag *HTMLBuilder::abbr() {
|
||||
return tag.start("abbr");
|
||||
}
|
||||
|
||||
HTMLTag *HTMLBuilder::acronym() { //Not supported in HTML5. Use <abbr> instead. Defines an acronym
|
||||
HTMLTag *HTMLBuilder::acronym() { // Not supported in HTML5. Use <abbr> instead. Defines an acronym
|
||||
write_tag();
|
||||
|
||||
return tag.start("acronym");
|
||||
@ -808,7 +810,7 @@ HTMLTag *HTMLBuilder::address() {
|
||||
return tag.start("address");
|
||||
}
|
||||
|
||||
HTMLTag *HTMLBuilder::applet() { //Not supported in HTML5. Use <embed> or <object> instead. Defines an embedded applet
|
||||
HTMLTag *HTMLBuilder::applet() { // Not supported in HTML5. Use <embed> or <object> instead. Defines an embedded applet
|
||||
write_tag();
|
||||
|
||||
return tag.start("applet");
|
||||
@ -844,7 +846,7 @@ HTMLTag *HTMLBuilder::b() {
|
||||
return tag.start("b");
|
||||
}
|
||||
|
||||
HTMLTag *HTMLBuilder::basefont() { //Not supported in HTML5. Use CSS instead. Specifies a default color, size, and font for all text in a document
|
||||
HTMLTag *HTMLBuilder::basefont() { // Not supported in HTML5. Use CSS instead. Specifies a default color, size, and font for all text in a document
|
||||
write_tag();
|
||||
|
||||
return tag.start("basefont");
|
||||
@ -862,7 +864,7 @@ HTMLTag *HTMLBuilder::bdo() {
|
||||
return tag.start("bdo");
|
||||
}
|
||||
|
||||
HTMLTag *HTMLBuilder::big() { //Not supported in HTML5. Use CSS instead. Defines big text
|
||||
HTMLTag *HTMLBuilder::big() { // Not supported in HTML5. Use CSS instead. Defines big text
|
||||
write_tag();
|
||||
|
||||
return tag.start("big");
|
||||
@ -904,7 +906,7 @@ HTMLTag *HTMLBuilder::caption() {
|
||||
return tag.start("caption");
|
||||
}
|
||||
|
||||
HTMLTag *HTMLBuilder::center() { //Not supported in HTML5. Use CSS instead. Defines centered text
|
||||
HTMLTag *HTMLBuilder::center() { // Not supported in HTML5. Use CSS instead. Defines centered text
|
||||
write_tag();
|
||||
|
||||
return tag.start("center");
|
||||
@ -1029,7 +1031,7 @@ HTMLTag *HTMLBuilder::figure() {
|
||||
return tag.start("figure");
|
||||
}
|
||||
|
||||
HTMLTag *HTMLBuilder::font() { //Not supported in HTML5.
|
||||
HTMLTag *HTMLBuilder::font() { // Not supported in HTML5.
|
||||
write_tag();
|
||||
|
||||
return tag.start("font");
|
||||
@ -1047,13 +1049,13 @@ HTMLTag *HTMLBuilder::form() {
|
||||
return tag.start("form");
|
||||
}
|
||||
|
||||
HTMLTag *HTMLBuilder::frame() { //Not supported in HTML5.
|
||||
HTMLTag *HTMLBuilder::frame() { // Not supported in HTML5.
|
||||
write_tag();
|
||||
|
||||
return tag.start("frame");
|
||||
}
|
||||
|
||||
HTMLTag *HTMLBuilder::frameset() { //Not supported in HTML5.
|
||||
HTMLTag *HTMLBuilder::frameset() { // Not supported in HTML5.
|
||||
write_tag();
|
||||
|
||||
return tag.start("frameset");
|
||||
@ -1214,7 +1216,7 @@ HTMLTag *HTMLBuilder::nav() {
|
||||
return tag.start("nav");
|
||||
}
|
||||
|
||||
HTMLTag *HTMLBuilder::noframes() { //Not supported in HTML5.
|
||||
HTMLTag *HTMLBuilder::noframes() { // Not supported in HTML5.
|
||||
write_tag();
|
||||
|
||||
return tag.start("noframes");
|
||||
@ -1358,7 +1360,7 @@ HTMLTag *HTMLBuilder::span() {
|
||||
return tag.start("span");
|
||||
}
|
||||
|
||||
HTMLTag *HTMLBuilder::strike() { //Not supported in HTML5
|
||||
HTMLTag *HTMLBuilder::strike() { // Not supported in HTML5
|
||||
write_tag();
|
||||
|
||||
return tag.start("strike");
|
||||
@ -1472,7 +1474,7 @@ HTMLTag *HTMLBuilder::track() {
|
||||
return tag.start("track");
|
||||
}
|
||||
|
||||
HTMLTag *HTMLBuilder::tt() { //Not supported in HTML5.
|
||||
HTMLTag *HTMLBuilder::tt() { // Not supported in HTML5.
|
||||
write_tag();
|
||||
|
||||
return tag.start("tt");
|
||||
@ -1608,7 +1610,7 @@ HTMLBuilder *HTMLBuilder::foption(const String &value, const String &body, const
|
||||
return this;
|
||||
}
|
||||
|
||||
//Closing tags
|
||||
// Closing tags
|
||||
|
||||
HTMLBuilder *HTMLBuilder::ca() {
|
||||
write_tag();
|
||||
@ -2491,6 +2493,13 @@ HTMLTag *HTMLBuilder::form_post(const String &action, const String &cls, const S
|
||||
return t;
|
||||
}
|
||||
|
||||
HTMLBuilder *HTMLBuilder::form_post(const String &action, Request *request, const String &cls, const String &id) {
|
||||
form_post(action, cls, id);
|
||||
csrf_token(request);
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
HTMLTag *HTMLBuilder::input_button() {
|
||||
write_tag();
|
||||
|
||||
@ -3211,7 +3220,7 @@ HTMLTag *HTMLBuilder::input_week(const String &name, const String &cls, const St
|
||||
return t;
|
||||
}
|
||||
|
||||
HTMLTag *HTMLBuilder::input_hidden(const String& name, const String& value) {
|
||||
HTMLTag *HTMLBuilder::input_hidden(const String &name, const String &value) {
|
||||
HTMLTag *t = input_hidden();
|
||||
|
||||
t->name(name);
|
||||
@ -3223,6 +3232,20 @@ HTMLTag *HTMLBuilder::input_hidden(const String& name, const String& value) {
|
||||
return t;
|
||||
}
|
||||
|
||||
HTMLBuilder *HTMLBuilder::csrf_token(const String &token) {
|
||||
if (token == "") {
|
||||
//don't waste html characters if it's an empty string anyway
|
||||
return this;
|
||||
}
|
||||
|
||||
input_hidden("csrf_token", token);
|
||||
|
||||
return this;
|
||||
}
|
||||
HTMLBuilder *HTMLBuilder::csrf_token(Request *request) {
|
||||
return csrf_token(request->get_csrf_token());
|
||||
}
|
||||
|
||||
void HTMLBuilder::f() {
|
||||
write_tag();
|
||||
}
|
||||
@ -3286,7 +3309,7 @@ HTMLBuilder *HTMLBuilder::wbs(const bool val) {
|
||||
return this;
|
||||
}
|
||||
|
||||
//TODO!
|
||||
// TODO!
|
||||
HTMLBuilder *HTMLBuilder::we(const String &val) {
|
||||
printf("HTMLBuilder::write_excaped NYI!");
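Review bot: `csrf_token(Request *request)` in the `@ -3223,6 +3232,20 @@` hunk dereferences `request` without a null check, and the new `form_post(action, request, cls, id)` overload in the `@ -2491,6 +2493,13 @@` hunk forwards its pointer straight into it, so a null request crashes page rendering. A guard such as `if (!request) { return this; }` before the call would mirror the early return the String overload already has for an empty token. Because an empty token makes the form render with no hidden field at all, the POST handler has to treat a missing `csrf_token` field as a failed check rather than as nothing to verify; that handler is not part of this commit. Whether `input_hidden` escapes the value it writes is also not visible here, and `we()` is still marked NYI, so the token should be kept to a server-generated attribute-safe alphabet.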
|
||||
|
||||
|
@ -118,7 +118,7 @@ public:
|
||||
HTMLTag *action(const String &val);
|
||||
HTMLTag *type(const String &val);
|
||||
HTMLTag *placeholder(const String &val);
|
||||
HTMLTag *fora(const String &val); //for attrib -> for is reserved keyword
|
||||
HTMLTag *fora(const String &val); // for attrib -> for is reserved keyword
|
||||
HTMLTag *rel(const String &val);
|
||||
HTMLTag *rel_stylesheet();
|
||||
HTMLTag *charset(const String &val);
|
||||
@ -181,25 +181,25 @@ public:
|
||||
|
||||
HTMLTag *a();
|
||||
HTMLTag *abbr();
|
||||
HTMLTag *acronym(); //Not supported in HTML5.
|
||||
HTMLTag *acronym(); // Not supported in HTML5.
|
||||
HTMLTag *address();
|
||||
HTMLTag *applet(); //Not supported in HTML5.
|
||||
HTMLTag *applet(); // Not supported in HTML5.
|
||||
HTMLTag *area();
|
||||
HTMLTag *article();
|
||||
HTMLTag *aside();
|
||||
HTMLTag *audio();
|
||||
HTMLTag *b();
|
||||
HTMLTag *basefont(); //Not supported in HTML5.
|
||||
HTMLTag *basefont(); // Not supported in HTML5.
|
||||
HTMLTag *bdi();
|
||||
HTMLTag *bdo();
|
||||
HTMLTag *big(); //Not supported in HTML5.
|
||||
HTMLTag *big(); // Not supported in HTML5.
|
||||
HTMLTag *blockquote();
|
||||
HTMLTag *body();
|
||||
HTMLTag *br();
|
||||
HTMLTag *button();
|
||||
HTMLTag *canvas();
|
||||
HTMLTag *caption();
|
||||
HTMLTag *center(); //Not supported in HTML5.
|
||||
HTMLTag *center(); // Not supported in HTML5.
|
||||
HTMLTag *cite();
|
||||
HTMLTag *code();
|
||||
HTMLTag *col();
|
||||
@ -220,11 +220,11 @@ public:
|
||||
HTMLTag *fieldset();
|
||||
HTMLTag *figcaption();
|
||||
HTMLTag *figure();
|
||||
HTMLTag *font(); //Not supported in HTML5.
|
||||
HTMLTag *font(); // Not supported in HTML5.
|
||||
HTMLTag *footer();
|
||||
HTMLTag *form();
|
||||
HTMLTag *frame(); //Not supported in HTML5.
|
||||
HTMLTag *frameset(); //Not supported in HTML5.
|
||||
HTMLTag *frame(); // Not supported in HTML5.
|
||||
HTMLTag *frameset(); // Not supported in HTML5.
|
||||
HTMLTag *h1();
|
||||
HTMLTag *h2();
|
||||
HTMLTag *h3();
|
||||
@ -253,7 +253,7 @@ public:
|
||||
HTMLTag *meter();
|
||||
|
||||
HTMLTag *nav();
|
||||
HTMLTag *noframes(); //Not supported in HTML5.
|
||||
HTMLTag *noframes(); // Not supported in HTML5.
|
||||
HTMLTag *noscript();
|
||||
HTMLTag *object();
|
||||
HTMLTag *ol();
|
||||
@ -278,7 +278,7 @@ public:
|
||||
HTMLTag *small();
|
||||
HTMLTag *source();
|
||||
HTMLTag *span();
|
||||
HTMLTag *strike(); //Not supported in HTML5
|
||||
HTMLTag *strike(); // Not supported in HTML5
|
||||
HTMLTag *strong();
|
||||
HTMLTag *style();
|
||||
HTMLTag *sub();
|
||||
@ -298,30 +298,30 @@ public:
|
||||
HTMLTag *title();
|
||||
HTMLTag *tr();
|
||||
HTMLTag *track();
|
||||
HTMLTag *tt(); //Not supported in HTML5.
|
||||
HTMLTag *tt(); // Not supported in HTML5.
|
||||
HTMLTag *u();
|
||||
HTMLTag *ul();
|
||||
HTMLTag *var();
|
||||
HTMLTag *video();
|
||||
HTMLTag *wbr();
|
||||
|
||||
HTMLTag *a(const String& href, const String& cls = "", const String& id = "");
|
||||
HTMLBuilder *fa(const String& href, const String& body, const String& cls = "", const String& id = "");
|
||||
HTMLTag *a(const String &href, const String &cls = "", const String &id = "");
|
||||
HTMLBuilder *fa(const String &href, const String &body, const String &cls = "", const String &id = "");
|
||||
|
||||
HTMLTag *div(const String& cls, const String& id = "");
|
||||
HTMLBuilder *fdiv(const String& body, const String& cls = "", const String& id = "");
|
||||
HTMLTag *div(const String &cls, const String &id = "");
|
||||
HTMLBuilder *fdiv(const String &body, const String &cls = "", const String &id = "");
|
||||
|
||||
HTMLTag *textarea(const String& name, const String& cls = "", const String& id = "");
|
||||
HTMLBuilder *ftextarea(const String& name, const String& body, const String& cls = "", const String& id = "");
|
||||
HTMLTag *textarea(const String &name, const String &cls = "", const String &id = "");
|
||||
HTMLBuilder *ftextarea(const String &name, const String &body, const String &cls = "", const String &id = "");
|
||||
|
||||
HTMLTag *select(const String& name, const String& cls = "", const String& id = "");
|
||||
HTMLTag *select(const String &name, const String &cls = "", const String &id = "");
|
||||
|
||||
HTMLTag *option(const String& value);
|
||||
HTMLBuilder *foption(const String& value, const String& body, const bool selected = false);
|
||||
HTMLTag *option(const String &value);
|
||||
HTMLBuilder *foption(const String &value, const String &body, const bool selected = false);
|
||||
|
||||
//closing tags c prefix means close
|
||||
//Note simple tags should not have these like <br>
|
||||
//Note that I might have a few that shouldn't be here, those will be removed as I find them
|
||||
// closing tags c prefix means close
|
||||
// Note simple tags should not have these like <br>
|
||||
// Note that I might have a few that shouldn't be here, those will be removed as I find them
|
||||
HTMLBuilder *ca();
|
||||
HTMLBuilder *cabbr();
|
||||
HTMLBuilder *cacronym();
|
||||
@ -451,8 +451,10 @@ public:
|
||||
|
||||
HTMLTag *form_get();
|
||||
HTMLTag *form_post();
|
||||
HTMLTag *form_get(const String& action, const String& cls = "", const String& id = "");
|
||||
HTMLTag *form_post(const String& action, const String& cls = "", const String& id = "");
|
||||
HTMLTag *form_get(const String &action, const String &cls = "", const String &id = "");
|
||||
HTMLTag *form_post(const String &action, const String &cls = "", const String &id = "");
|
||||
//will add a csrf token from request
|
||||
HTMLBuilder *form_post(const String &action, Request *request, const String &cls = "", const String &id = "");
|
||||
|
||||
HTMLTag *input_button();
|
||||
HTMLTag *input_checkbox();
|
||||
@ -477,34 +479,37 @@ public:
|
||||
HTMLTag *input_url();
|
||||
HTMLTag *input_week();
|
||||
|
||||
HTMLBuilder *label(const String& pfor, const String& plabel, const String& cls = "", const String& id = "");
|
||||
HTMLBuilder *label(const String &pfor, const String &plabel, const String &cls = "", const String &id = "");
|
||||
|
||||
HTMLTag *input_button(const String& name, const String& value = "", const String& cls = "", const String& id = "");
|
||||
HTMLTag *input_checkbox(const String& name, const String& value = "", const String& cls = "", const String& id = "");
|
||||
HTMLTag *input_color(const String& name, const String& value = "", const String& cls = "", const String& id = "");
|
||||
HTMLTag *input_date(const String& name, const String& value = "", const String& cls = "", const String& id = "", const String& date_min = "", const String& date_max = "", const String& date_step = "");
|
||||
HTMLTag *input_datetime_local(const String& name, const String& value = "", const String& cls = "", const String& id = "", const String& date_min = "", const String& date_max = "", const String& date_step = "");
|
||||
HTMLTag *input_email(const String& name, const String& value = "", const String& placeholder = "", const String& cls = "", const String& id = "");
|
||||
HTMLTag *input_file(const String& name, const String& accept = "", const String& cls = "", const String& id = "");
|
||||
HTMLTag *input_image(const String& name, const String& src = "", const String& alt = "", const String& cls = "", const String& id = "", const int width = 0, const int height = 0);
|
||||
HTMLTag *input_month(const String& name, const String& cls = "", const String& id = "");
|
||||
HTMLTag *input_number(const String& name, const String& = "", const String& = "", const String& cls = "", const String& id = "");
|
||||
HTMLTag *input_password(const String& name, const String& value = "", const String& placeholder = "", const String& cls = "", const String& id = "", const String& minlength = "", const String& maxlength = "", const String& size = "");
|
||||
HTMLTag *input_radio(const String& name, const String& value = "", const String& cls = "", const String& id = "");
|
||||
HTMLTag *input_range(const String& name, const String& value = "", const String& vmin = "", const String& vmax = "", const String& vstep = "", const String& cls = "", const String& id = "");
|
||||
HTMLTag *input_reset(const String& name, const String& value = "", const String& cls = "", const String& id = "");
|
||||
HTMLTag *input_search(const String& name, const String& value = "", const String& placeholder = "", const String& cls = "", const String& id = "", const String& minlength = "", const String& maxlength = "", const String& size = "", const String& pattern = "");
|
||||
HTMLTag *input_submit(const String& value, const String& cls = "", const String& id = "");
|
||||
HTMLTag *input_tel(const String& name, const String& value = "", const String& placeholder = "", const String& cls = "", const String& id = "", const String& minlength = "", const String& maxlength = "", const String& size = "", const String& pattern = "");
|
||||
HTMLTag *input_text(const String& name, const String& value = "", const String& placeholder = "", const String& cls = "", const String& id = "", const String& minlength = "", const String& maxlength = "", const String& size = "");
|
||||
HTMLTag *input_time(const String& name, const String& cls = "", const String& id = "", const String& vmin = "", const String& vmax = "", const String& vstep = "");
|
||||
HTMLTag *input_url(const String& name, const String& value = "", const String& placeholder = "", const String& cls = "", const String& id = "", const String& minlength = "", const String& maxlength = "", const String& size = "");
|
||||
HTMLTag *input_week(const String& name, const String& cls = "", const String& id = "", const String& vmin = "", const String& vmax = "");
|
||||
HTMLTag *input_hidden(const String& name, const String& value);
|
||||
HTMLTag *input_button(const String &name, const String &value = "", const String &cls = "", const String &id = "");
|
||||
HTMLTag *input_checkbox(const String &name, const String &value = "", const String &cls = "", const String &id = "");
|
||||
HTMLTag *input_color(const String &name, const String &value = "", const String &cls = "", const String &id = "");
|
||||
HTMLTag *input_date(const String &name, const String &value = "", const String &cls = "", const String &id = "", const String &date_min = "", const String &date_max = "", const String &date_step = "");
|
||||
HTMLTag *input_datetime_local(const String &name, const String &value = "", const String &cls = "", const String &id = "", const String &date_min = "", const String &date_max = "", const String &date_step = "");
|
||||
HTMLTag *input_email(const String &name, const String &value = "", const String &placeholder = "", const String &cls = "", const String &id = "");
|
||||
HTMLTag *input_file(const String &name, const String &accept = "", const String &cls = "", const String &id = "");
|
||||
HTMLTag *input_image(const String &name, const String &src = "", const String &alt = "", const String &cls = "", const String &id = "", const int width = 0, const int height = 0);
|
||||
HTMLTag *input_month(const String &name, const String &cls = "", const String &id = "");
|
||||
HTMLTag *input_number(const String &name, const String & = "", const String & = "", const String &cls = "", const String &id = "");
|
||||
HTMLTag *input_password(const String &name, const String &value = "", const String &placeholder = "", const String &cls = "", const String &id = "", const String &minlength = "", const String &maxlength = "", const String &size = "");
|
||||
HTMLTag *input_radio(const String &name, const String &value = "", const String &cls = "", const String &id = "");
|
||||
HTMLTag *input_range(const String &name, const String &value = "", const String &vmin = "", const String &vmax = "", const String &vstep = "", const String &cls = "", const String &id = "");
|
||||
HTMLTag *input_reset(const String &name, const String &value = "", const String &cls = "", const String &id = "");
|
||||
HTMLTag *input_search(const String &name, const String &value = "", const String &placeholder = "", const String &cls = "", const String &id = "", const String &minlength = "", const String &maxlength = "", const String &size = "", const String &pattern = "");
|
||||
HTMLTag *input_submit(const String &value, const String &cls = "", const String &id = "");
|
||||
HTMLTag *input_tel(const String &name, const String &value = "", const String &placeholder = "", const String &cls = "", const String &id = "", const String &minlength = "", const String &maxlength = "", const String &size = "", const String &pattern = "");
|
||||
HTMLTag *input_text(const String &name, const String &value = "", const String &placeholder = "", const String &cls = "", const String &id = "", const String &minlength = "", const String &maxlength = "", const String &size = "");
|
||||
HTMLTag *input_time(const String &name, const String &cls = "", const String &id = "", const String &vmin = "", const String &vmax = "", const String &vstep = "");
|
||||
HTMLTag *input_url(const String &name, const String &value = "", const String &placeholder = "", const String &cls = "", const String &id = "", const String &minlength = "", const String &maxlength = "", const String &size = "");
|
||||
HTMLTag *input_week(const String &name, const String &cls = "", const String &id = "", const String &vmin = "", const String &vmax = "");
|
||||
HTMLTag *input_hidden(const String &name, const String &value);
|
||||
|
||||
HTMLBuilder *csrf_token(const String &token);
|
||||
HTMLBuilder *csrf_token(Request *request);
|
||||
|
||||
void f();
|
||||
|
||||
//write
|
||||
// write
|
||||
HTMLBuilder *w(const String &val);
|
||||
|
||||
HTMLBuilder *wn(const double val, int p_decimals = -1);
|
||||
@ -515,7 +520,7 @@ public:
|
||||
HTMLBuilder *wbn(const bool val);
|
||||
HTMLBuilder *wbs(const bool val);
|
||||
|
||||
//write_escaped
|
||||
// write_escaped
|
||||
HTMLBuilder *we(const String &val);
|
||||
|
||||
HTMLBuilder *write_tag();
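Review bot: The comment `//will add a csrf token from request` above the new `form_post(const String &action, Request *request, ...)` declaration leaves out that this overload returns the `HTMLBuilder` while its sibling overloads return the `HTMLTag`, so callers cannot chain further attributes onto the form tag the way they can with the others. I would spell that out, for example `// Opens a POST form and appends a hidden csrf_token input taken from request; returns the builder, not the form tag. Emits no token when the request has none.` The two `csrf_token` declarations further down would benefit from the same one-line remark about the empty-token case.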
|
||||
|
@ -22,6 +22,9 @@ bool HTTPSession::has(const String &key) {
|
||||
Variant HTTPSession::get(const String &key) {
|
||||
return _data[key];
|
||||
}
|
||||
const Variant &HTTPSession::get_const(const String &key) {
|
||||
return _data[key];
|
||||
}
|
||||
|
||||
Object *HTTPSession::get_object(const String &key) {
|
||||
// don't lock here
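Review bot: `get_const` returns `_data[key]`, and if `_data` is a `std::map`-style container (its declaration is outside this hunk) `operator[]` inserts a default `Variant` whenever the key is absent, so a getter named const modifies the session on every lookup of a missing key. It also hands out a reference into the container with no locking visible here, which matters if a session can be reached from more than one request thread at once. Looking the key up with `find` and returning a reference to a static empty `Variant` on a miss would avoid the insertion. Whether a lock is needed depends on how the other accessors guard `_data`, which this hunk does not show.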
|
||||
|
@ -19,6 +19,7 @@ public:
|
||||
bool has(const String &key);
|
||||
|
||||
Variant get(const String &key);
|
||||
const Variant &get_const(const String &key);
|
||||
Object *get_object(const String &key);
|
||||
Ref<Reference> get_reference(const String &key);
|
||||
int get_int(const String &key);
|
||||
|
@ -18,6 +18,20 @@ Ref<HTTPSession> Request::get_or_create_session() {
|
||||
return session;
|
||||
}
|
||||
|
||||
String Request::get_csrf_token() {
|
||||
if (!session.is_valid()) {
|
||||
return "";
|
||||
}
|
||||
|
||||
const Variant &val = session->get_const("csrf_token");
|
||||
|
||||
if (val.is_simple_type()) {
|
||||
return val.to_string();
|
||||
}
|
||||
|
||||
return "";
|
||||
}
|
||||
|
||||
const String Request::get_cookie(const String &key) {
|
||||
static String str(0);
|
||||
return str;
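Review bot: `get_csrf_token()` returns `""` both when there is no valid session and when the stored value is not a simple type, and nothing in this commit generates or verifies the token. When the verifying side is written, an empty expected token should be rejected before any comparison, otherwise a request with no session and no `csrf_token` field would compare equal; the comparison itself is best done in constant time. A short comment on the function, e.g. `// Returns "" when there is no session or no usable token; callers must treat "" as "no valid token".`, would make that contract explicit. It is also worth confirming what `to_string()` yields for the `Variant` that `get_const` hands back for a missing key, since that string would be rendered into the form as the token.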
|
||||
|
@ -39,6 +39,7 @@ public:
|
||||
std::map<String, Ref<Reference> > reference_data;
|
||||
|
||||
Ref<HTTPSession> get_or_create_session();
|
||||
String get_csrf_token();
|
||||
|
||||
virtual const String get_cookie(const String &key);
|
||||
virtual void add_cookie(const ::Cookie &cookie);
|
||||
|