csrfprotection.h

/*
 * SPDX-FileCopyrightText: (C) 2017-2022 Matthias Fehring <mf@huessenbergnetz.de>
 * SPDX-License-Identifier: BSD-3-Clause
 */
 
#ifndef CSRFPROTECTION_H
#define CSRFPROTECTION_H
 
#include <Cutelyst/Plugin>
#include <Cutelyst/cutelyst_global.h>
 
namespace Cutelyst {
 
class Context;
class CSRFProtectionPrivate;
 
class CUTELYST_PLUGIN_CSRFPROTECTION_EXPORT CSRFProtection
    : public Plugin // clazy:exclude=ctor-missing-parent-argument
{
    Q_OBJECT
    Q_DECLARE_PRIVATE(CSRFProtection) // NOLINT(cppcoreguidelines-pro-type-reinterpret-cast)
    Q_DISABLE_COPY(CSRFProtection)
public:
    CSRFProtection(Application *parent);
 
    CSRFProtection(Application *parent, const QVariantMap &defaultConfig);
 
    ~CSRFProtection() override;
 
    void setDefaultDetachTo(const QString &actionNameOrPath);
 
    void setFormFieldName(const QByteArray &fieldName);
 
    void setErrorMsgStashKey(const QString &keyName);
 
    void setIgnoredNamespaces(const QStringList &namespaces);
 
    void setUseSessions(bool useSessions);
 
    void setCookieHttpOnly(bool httpOnly);
 
    void setCookieName(const QByteArray &cookieName);
 
    void setHeaderName(const QByteArray &headerName);
 
    void setGenericErrorMessage(const QString &message);
 
    void setGenericErrorContentType(const QByteArray &type);
 
    static QByteArray getToken(Context *c);
 
    static QString getTokenFormField(Context *c);
 
    static bool checkPassed(Context *c);
 
protected:
    bool setup(Application *app) override;
 
private:
    const std::unique_ptr<CSRFProtectionPrivate> d_ptr;
};
 
} // namespace Cutelyst
 
#endif // CSRFPROTECTION_H