Add CSRF token support

2025-09-03 15:36:28 +01:00
parent bdbf33098f
commit 0c2a8f3d98
7 changed files with 66 additions and 22 deletions


@@ -40,17 +40,22 @@ class Sessions
end
end
# TODO: Use .all here
def []=(key, val)
session = @request.cookies["session"]
session = session.nil? ? "{}" : Zlib::Inflate.inflate(Base64.decode64(session))
session = JSON.parse(session)
session[key] = val
Logman.log "Updated: #{key} to #{val}"
compressed = Zlib::Deflate.deflate(JSON.generate(session))
encoded = Base64.encode64(compressed)
@response.set_cookie("session",
value: encoded,
path: "/",
expires: Time.now + 360 * 24 * 60 * 60)
expires: Time.now + 360 * 24 * 60 * 60,
httponly: true,
secure: ENV_HASH["ENV"] == "prod",
samesite: :strict)
uid = session["user"]
DB["UPDATE SignedInUsers SET last_used_at = CURRENT_TIMESTAMP WHERE code = ?", uid].update if uid
rescue JSON::ParserError, Zlib::Error
@@ -79,13 +84,19 @@ class Sessions
@response.set_cookie("message",
value: val,
path: "/",
expires: Time.now + 360 * 24 * 60 * 60)
expires: Time.now + 360 * 24 * 60 * 60,
secure: ENV_HASH["ENV"] == "prod",
samesite: :strict)
end
def message
@request.cookies["message"]
end
def csrf_auth?
@request.env["HTTP_X_CSRF_TOKEN"] == self["csrf_token"]
end
def all
session = @request.cookies["session"]
session = session.nil? ? "{}" : Zlib::Inflate.inflate(Base64.decode64(session))
@@ -107,7 +118,10 @@ class Sessions
@response.set_cookie("session",
value: encoded,
path: "/",
expires: Time.now + 360 * 24 * 60 * 60)
expires: Time.now + 360 * 24 * 60 * 60,
httponly: true,
secure: ENV_HASH["ENV"] == "prod",
samesite: :strict)
rescue JSON::ParserError, Zlib::Error
@response.delete_cookie("session")
end
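Review bot: `csrf_auth?` in the second hunk passes when both sides are absent — a request with no `X-CSRF-Token` header against a session that never stored a `csrf_token` compares `nil == nil` and returns true, so the check is only as good as every caller having seeded the token first. The comparison is also a plain `==`, which can stop at the first differing byte; require a present token and compare in constant time, e.g. `expected = self["csrf_token"]`, `return false if expected.nil? || expected.empty?`, then `Rack::Utils.secure_compare(@request.env["HTTP_X_CSRF_TOKEN"].to_s, expected)` (or `OpenSSL.fixed_length_secure_compare` on digests, if Rack is not in scope here). The token lives in the `session` cookie, which from the first and third hunks is zlib+base64 JSON with no visible signature or MAC, so its generation (CSPRNG, per-session) and integrity are presumably handled elsewhere — worth confirming, since `[]`, the token setup and the callers of `csrf_auth?` are outside this diff. The `message` cookie is the only one set without `httponly` in this commit; if that is deliberate because JavaScript reads it, a one-line comment saying so would stop the next reviewer from "fixing" it.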