Cutelyst  2.3.0
csrfprotection.h
1 /*
2  * Copyright (C) 2017 Matthias Fehring <kontakt@buschmann23.de>
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17  */
18 
19 #ifndef CSRFPROTECTION_H
20 #define CSRFPROTECTION_H
21 
22 #include <Cutelyst/cutelyst_global.h>
23 #include <Cutelyst/Plugin>
24 
25 namespace Cutelyst {
26 
27 class Context;
28 class CSRFProtectionPrivate;
29 
// Cutelyst plugin that protects input forms against Cross Site Request
// Forgery (CSRF/XSRF) attacks. The setters configure the plugin; the static
// helpers each take a Context pointer.
// NOTE(review): this listing has the API documentation stripped, so defaults
// and exact semantics are not visible here. Confirm the hedged notes below
// against the implementation before relying on them.
227 class CUTELYST_PLUGIN_CSRFPROTECTION_EXPORT CSRFProtection : public Plugin
228 {
229  Q_OBJECT
     // Declares the d_func() accessors that reach the private data via d_ptr.
230  Q_DECLARE_PRIVATE(CSRFProtection)
231 public:
     // Constructs the plugin with the given Application as parent.
     // NOTE(review): not marked `explicit`, so an Application* converts
     // implicitly to a CSRFProtection.
235  CSRFProtection(Application *parent);
236 
     // Virtual destructor, so deleting through a base pointer is well defined.
240  virtual ~CSRFProtection();
241 
     // Takes an action name or path; presumably the action a request is
     // detached to when the CSRF check fails -- confirm.
247  void setDefaultDetachTo(const QString &actionNameOrPath);
248 
     // Sets the name of the form field; presumably the field that carries the
     // token and that getTokenFormField() emits -- confirm.
253  void setFormFieldName(const QString &fieldName);
254 
     // Sets a stash key name; presumably where the error message is stored
     // when the check fails -- confirm.
258  void setErrorMsgStashKey(const QString &keyName);
259 
     // Takes a list of namespaces; presumably every action in them is exempt
     // from the CSRF check -- confirm. If so, each entry removes protection
     // from state-changing requests there: keep the list minimal and review it
     // whenever controllers are added.
265  void setIgnoredNamespaces(const QStringList &namespaces);
266 
     // Presumably keeps the token secret in the server-side session instead of
     // a cookie -- confirm, including whether a session plugin must be
     // registered before this one.
274  void setUseSessions(bool useSessions);
275 
     // Presumably controls the HttpOnly attribute of the CSRF cookie -- confirm.
     // HttpOnly hides a cookie from client-side script, so enabling it breaks
     // front ends that read the token from the cookie to send it in a request
     // header. It does not by itself add CSRF protection.
290  void setCookieHttpOnly(bool httpOnly);
291 
     // Sets the cookie name; presumably the cookie that stores the token secret.
296  void setCookieName(const QString &cookieName);
297 
     // Sets a header name; presumably the HTTP request header from which the
     // token is read when it is not sent as a form field -- confirm.
302  void setHeaderName(const QString &headerName);
303 
     // Sets a generic error message; presumably the response body used when the
     // check fails and no detach target is set -- confirm. Keep it static text,
     // free of request-derived data.
310  void setGenericErrorMessage(const QString &message);
311 
     // Sets a content type; presumably for the generic error response -- confirm.
     // The spelling "Typ" is part of the public API and is kept as is.
317  void setGenericErrorContentTyp(const QString &type);
318 
     // Returns a QByteArray for the given context; by its name, the CSRF token.
     // NOTE(review): treat the value as a secret: do not log it or put it in URLs.
322  static QByteArray getToken(Context *c);
323 
     // Returns a QString for the given context; presumably the markup of a
     // hidden form field holding the token -- confirm. If so, templates must
     // emit it unescaped inside every protected form.
333  static QString getTokenFormField(Context *c);
334 
     // Returns a bool for the given context; presumably true when the request
     // passed the CSRF check -- confirm which request methods are checked at
     // all. Callers should reject the request when this is false.
341  static bool checkPassed(Context *c);
342 
343 protected:
     // Pointer to the private implementation used by Q_DECLARE_PRIVATE.
     // Ownership is not visible in this header; presumably released by the
     // destructor -- confirm.
344  CSRFProtectionPrivate *d_ptr;
345 
     // Overrides Plugin::setup; presumably where the plugin hooks into the
     // application's request handling -- confirm. The meaning of the bool
     // result is defined by Plugin, outside this file.
346  virtual bool setup(Application *app) override;
347 };
348 
349 }
350 
351 #endif // CSRFPROTECTION_H
The Cutelyst Context.
Definition: context.h:50
Protect input forms against Cross Site Request Forgery (CSRF/XSRF) attacks.
The Cutelyst namespace holds all public Cutelyst API.
Definition: Mainpage.dox:7
The Cutelyst Application.
Definition: application.h:55