cutelyst  4.5.1
A C++ Web Framework built on top of Qt, using the simple approach of Catalyst (Perl) framework.
csrfprotection.h
1 /*
2  * SPDX-FileCopyrightText: (C) 2017-2022 Matthias Fehring <mf@huessenbergnetz.de>
3  * SPDX-License-Identifier: BSD-3-Clause
4  */
5 
6 #ifndef CSRFPROTECTION_H
7 #define CSRFPROTECTION_H
8 
9 #include <Cutelyst/Plugin>
10 #include <Cutelyst/Plugins/csrfprotection_export.h>
11 
12 namespace Cutelyst {
13 
14 class Context;
15 class CSRFProtectionPrivate;
16 
/**
 * Plugin that protects input forms against Cross Site Request Forgery
 * (CSRF/XSRF) attacks.
 *
 * This declaration shows only the configuration setters, three static
 * per-request helpers and the setup() hook. How tokens are generated, stored
 * and compared is not visible in this header, so every note below about what
 * a setter influences is hedged and has to be confirmed against the
 * implementation.
 *
 * NOTE(review): some setters (ignored namespaces, cookie flags, failure
 * handling) look able to weaken the protection; review each use of them in
 * application code.
 */
233 class CUTELYST_PLUGIN_CSRFPROTECTION_EXPORT CSRFProtection
234  : public Plugin // clazy:exclude=ctor-missing-parent-argument
235 {
236  Q_OBJECT
237  Q_DECLARE_PRIVATE(CSRFProtection) // NOLINT(cppcoreguidelines-pro-type-reinterpret-cast)
238  Q_DISABLE_COPY(CSRFProtection)
239 public:
     /** Constructs the plugin for the Application @a parent. */
243  CSRFProtection(Application *parent);
244 
     /**
      * Constructs the plugin for the Application @a parent with @a defaultConfig.
      * Presumably the map supplies defaults for configuration keys that the
      * application configuration leaves unset; the accepted keys are not
      * visible here - TODO confirm.
      */
251  CSRFProtection(Application *parent, const QVariantMap &defaultConfig);
252 
     /** Destroys the plugin; overrides the base class destructor. */
256  ~CSRFProtection() override;
257 
     /**
      * Sets an action, given by name or path. Presumably the request is
      * detached to this action when the CSRF check fails - TODO confirm.
      * NOTE(review): a custom failure action should still end the request with
      * an error response instead of continuing to process the submitted data.
      */
264  void setDefaultDetachTo(const QString &actionNameOrPath);
265 
     /**
      * Sets the form field name to @a fieldName. Presumably this is the field
      * in which a form submits the token - TODO confirm.
      */
271  void setFormFieldName(const QByteArray &fieldName);
272 
     /**
      * Returns the form field name as a byte array. Static and noexcept, so it
      * is called without a plugin instance; presumably it returns the value set
      * by setFormFieldName() - TODO confirm.
      */
280  static QByteArray formFieldName() noexcept;
281 
     /**
      * Sets a stash key name to @a keyName. Presumably an error message is
      * stored under this key when the check fails - TODO confirm.
      */
286  void setErrorMsgStashKey(const QString &keyName);
287 
     /**
      * Sets a list of namespaces. Presumably these are controller namespaces
      * that are excluded from the CSRF check - TODO confirm.
      * NOTE(review): if so, every state-changing action in a listed namespace
      * runs without CSRF protection; keep the list minimal and audit it.
      */
293  void setIgnoredNamespaces(const QStringList &namespaces);
294 
     /**
      * Switches session use on or off. Presumably this selects whether the
      * token is kept in the session rather than in a cookie - TODO confirm.
      */
302  void setUseSessions(bool useSessions);
303 
     /**
      * Sets whether a cookie gets the HttpOnly flag; presumably this is the
      * cookie carrying the CSRF token - TODO confirm.
      * NOTE(review): HttpOnly hides a cookie from client-side script. Pages
      * that copy the token from the cookie into a request header stop working
      * with it enabled and would need the token rendered into the page
      * instead (see getToken()).
      */
320  void setCookieHttpOnly(bool httpOnly);
321 
     /** Sets a cookie name to @a cookieName; presumably the token cookie - TODO confirm. */
327  void setCookieName(const QByteArray &cookieName);
328 
     /**
      * Sets a header name to @a headerName. Presumably this is the HTTP request
      * header in which a client may send the token - TODO confirm.
      */
333  void setHeaderName(const QByteArray &headerName);
334 
     /**
      * Sets a generic error message. Presumably it is the response body used
      * when the check fails and no other failure handling applies - TODO confirm.
      */
341  void setGenericErrorMessage(const QString &message);
342 
     /**
      * Sets the content type for the generic error message.
      * NOTE(review): keep it consistent with the text passed to
      * setGenericErrorMessage(); with an HTML type the message is presumably
      * sent as markup and must then be safe HTML.
      */
349  void setGenericErrorContentType(const QByteArray &type);
350 
     /**
      * Returns a token for the context @a c as a byte array; presumably the
      * current CSRF token of that request - TODO confirm.
      * NOTE(review): treat the value as a secret bound to the client: do not
      * log it and do not place it in URLs.
      */
357  static QByteArray getToken(Context *c);
358 
     /**
      * Returns a string for the context @a c; presumably ready-made markup of
      * a hidden input that carries the token under formFieldName() - TODO confirm.
      * NOTE(review): if it is markup, put it only into forms that post back to
      * this application, because a form that targets another origin would hand
      * the token to that origin.
      */
370  static QString getTokenFormField(Context *c);
371 
     /**
      * Returns a bool for the context @a c; presumably true when the CSRF check
      * of the current request succeeded - TODO confirm.
      * NOTE(review): this header does not show whether a failed check already
      * stops the request or whether the caller has to test this result; verify
      * that before relying on either behaviour.
      */
379  static bool checkPassed(Context *c);
380 
381 protected:
     /**
      * Setup hook overriding the base class's setup(), called with the
      * Application @a app. Returns a bool; presumably false signals that the
      * plugin could not be set up - TODO confirm.
      */
382  bool setup(Application *app) override;
383 
384 private:
     // Pointer to the private implementation class named in Q_DECLARE_PRIVATE;
     // declared const, so it cannot be reseated after construction.
385  const std::unique_ptr<CSRFProtectionPrivate> d_ptr;
386 };
387 
388 } // namespace Cutelyst
389 
390 #endif // CSRFPROTECTION_H
The Cutelyst application.
Definition: application.h:66
Protect input forms against Cross Site Request Forgery (CSRF/XSRF) attacks.
The Cutelyst Context.
Definition: context.h:42
Base class for Cutelyst Plugins.
Definition: plugin.h:25
The Cutelyst namespace holds all public Cutelyst API.