
-- csrf.lua
--- Create a fresh CSRF token and persist it in the current session.
-- Token creation is delegated to the runner's `generate_token(32)` (whether
-- 32 means bytes or characters is defined by that helper); the value is stored
-- under the `_csrf_token` session key and returned so callers can embed it.
-- @treturn string the newly generated token
function csrf_generate()
  local fresh = generate_token(32)
  session_set("_csrf_token", fresh)
  return fresh
end
--- Render a hidden form input carrying the session's CSRF token.
-- If the session has no token yet, one is generated via `csrf_generate` first.
-- The token is passed through `html_special_chars` before being placed in the
-- attribute value, so it cannot break out of the quoted attribute.
-- @treturn string an `<input type="hidden" name="_csrf_token" ...>` element
function csrf_field()
  local current = session_get("_csrf_token") or csrf_generate()
  local escaped = html_special_chars(current)
  return string.format('<input type="hidden" name="_csrf_token" value="%s" />', escaped)
end
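--- Validate the CSRF token supplied with the current request.
-- The expected token is read from `__ctx.session.data["_csrf_token"]`; the
-- supplied token is taken from the `_csrf_token` form field, falling back to
-- the `x-csrf-token` or `csrf-token` request header. On any failure the
-- response status is set to 403 and control is handed back to the runner by
-- yielding the `__EXIT__` sentinel. Should the host resume the coroutine after
-- that yield, the function returns `false` instead of falling through to the
-- success path (the original continued executing after the yield).
-- @treturn boolean true when the request token matches the session token
function csrf_validate()
  -- Reject the request: mark it 403 and yield to the runner. The `return false`
  -- only matters if the runner resumes us after the exit signal.
  local function reject()
    __response.status = 403
    coroutine.yield("__EXIT__")
    return false
  end

  local session = __ctx.session
  local expected = session and session.data and session.data["_csrf_token"]
  -- No token in the session means nothing to compare against: deny.
  if not expected then
    return reject()
  end

  local form = __ctx._request_form
  local headers = __ctx._request_headers
  local supplied = form and form._csrf_token
  if not supplied and headers then
    supplied = headers["x-csrf-token"] or headers["csrf-token"]
  end

  -- `expected` is truthy here, so a nil/false `supplied` also fails this test.
  if supplied ~= expected then
    return reject()
  end
  return true
end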