Added url ignore support for the csrf token middleware. Also properly implemented create_token.

core/http/csrf_token.cpp

@@ -3,6 +3,7 @@
 #include "core/hash/sha256.h"
 #include "http_session.h"
 #include "request.h"
+#include <time.h>
 
 bool CSRFTokenMiddleware::on_before_handle_request_main(Request *request) {
 	switch (request->get_method()) {
@@ -11,6 +12,10 @@ bool CSRFTokenMiddleware::on_before_handle_request_main(Request *request) {
 		case HTTP_METHOD_PATCH:
 		case HTTP_METHOD_PUT: {
 
+			if (shold_ignore(request)) {
+				return false;
+			}
+
 			if (!request->session.is_valid()) {
 				request->send_error(HTTP_STATUS_CODE_401_UNAUTHORIZED);
 				return true;
@@ -39,8 +44,24 @@ bool CSRFTokenMiddleware::on_before_handle_request_main(Request *request) {
 	return false;
 }
 
+bool CSRFTokenMiddleware::shold_ignore(Request *request) {
+	const String &path = request->get_path_full();
+
+	for (int i = 0; i < ignored_urls.size(); ++i) {
+		if (path.starts_with(ignored_urls[i])) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
 String CSRFTokenMiddleware::create_token() {
-	return "test";
+	Ref<SHA256> h = SHA256::get();
+
+	String s = h->compute(String::num(time(NULL)));
+
+	return s.substr(0, 10);
 }
 
 CSRFTokenMiddleware::CSRFTokenMiddleware() {

core/http/csrf_token.h

@@ -3,6 +3,9 @@
 
 #include "middleware.h"
 
+#include "core/containers/vector.h"
+#include "core/string.h"
+
 class Request;
 
 class CSRFTokenMiddleware : public Middleware {
@@ -12,10 +15,14 @@ public:
 	//returnring true means handled, false means continue
 	bool on_before_handle_request_main(Request *request);
 
+	bool shold_ignore(Request *request);
+
 	virtual String create_token();
 
 	CSRFTokenMiddleware();
 	~CSRFTokenMiddleware();
+
+	Vector<String> ignored_urls;
 };
 
 #endif