//! Small actix-web demo: `GET /` renders a form carrying a CSRF token in a
//! hidden field, and `POST /csrf` checks that token before echoing the
//! submitted name.
//
// NOTE(review): generic arguments appear to have been stripped from this
// listing. `web::Form` is presumably `web::Form<CsrfForm>`, and `web::Data>`
// is missing its opening `<…` (a type wrapped in `Mutex`, judging by the
// import and the `.lock().await` calls). The inner type is not visible here,
// so the tokens are left exactly as found.
use actix_web::{get, post, web, HttpRequest, Responder};
use maud::html;
use serde::Deserialize;
use tokio::sync::Mutex;

/// Body of the form posted to `/csrf`.
#[derive(Debug, Deserialize)]
pub struct CsrfForm {
    // Free-text value from the visible input; reflected back in the response.
    name: String,
    // Token from the hidden `csrf` input that `index` renders.
    csrf: String,
}

/// Handles `POST /csrf`: verifies the submitted token and renders the result.
///
/// The valid branch echoes `f.name`; the invalid branch renders only
/// "Token invalid" and does not touch `f.name`.
///
/// # Panics
///
/// Panics if the shared CSRF state is not registered as app data
/// (`app_data()` returns `None`). This presumably relies on
/// `enable_csrf(true)` in `main` — confirm against `web_base`.
#[post("/csrf")]
pub async fn csrf_page(r: HttpRequest, f: web::Form) -> impl Responder {
    let csrf: &web::Data> = r.app_data().unwrap();

    // Verify the submitted token against the shared CSRF state.
    // NOTE(review): whether `verify_token` is single-use, compares in constant
    // time, or binds the token to a session/client is not visible here; a token
    // shared by all clients would not stop cross-site requests — confirm in
    // `web_base`.
    let content = if csrf.lock().await.verify_token(&f.csrf) {
        html! {
            p { "CSRF Token is valid"};
            // User-controlled `f.name` is reflected here. maud escapes values
            // spliced with `( … )` by default, so this stays text, not markup.
            p { (format!("You submitted {}", f.name))}
        }
        .into_string()
    } else {
        html! {
            p { "Token invalid"};
        }
        .into_string()
    };

    // Wrap the fragment in the site layout and return it.
    web_base::func::build_site(&r, "CSRF", &content)
}

/// Handles `GET /`: renders the form that posts to `/csrf`, with the current
/// CSRF token embedded in a hidden input.
///
/// # Panics
///
/// Panics if the shared CSRF state is not registered as app data (same
/// `unwrap()` as in `csrf_page`).
#[get("/")]
pub(crate) async fn index(r: HttpRequest) -> impl Responder {
    // Fetch the shared CSRF state from app data.
    let csrf: &web::Data> = r.app_data().unwrap();

    // Obtain the token to embed. Shadows the state handle with the token value.
    // NOTE(review): whether `get_token` mints a fresh token per call or returns
    // one shared value is not visible here — confirm in `web_base`.
    let csrf = csrf.lock().await.get_token();

    let content = html!(
        form action="/csrf" method="post" {
            input type="text" name="name" placeholder="Your Name";
            // Hidden field carries the token back to `csrf_page`.
            input type="hidden" name="csrf" value=(csrf);
            input type="submit";
        }
    )
    .into_string();

    web_base::func::build_site(&r, "Index", &content)
}

/// Entry point: builds the `web_base` site with CSRF support enabled, mounts
/// both handlers and serves on port 8080.
#[actix_web::main]
async fn main() -> std::io::Result<()> {
    web_base::map!(
        web_base::Site::new()
            .enable_bootstrap(false)
            .enable_picocss(false)
            // Presumably what registers the CSRF state the handlers unwrap.
            .enable_csrf(true),
        |app: actix_web::App<_>| { app.service(index).service(csrf_page) }
    )
    // "0.0.0.0" listens on every network interface; no TLS setup is visible in
    // this file. For a local-only demo, binding to loopback narrows exposure.
    .bind(("0.0.0.0".to_string(), 8080))?
    .run()
    .await
}