From 2c1c0df583f4b7cc9aba1d97cf9d1131a0fa0096 Mon Sep 17 00:00:00 2001
From: Eitaro Fukamachi
Date: Thu, 12 Apr 2018 17:23:32 +0900
Subject: [PATCH] Change the option name of CSRF token to ':session-key'.
---
 src/middleware/csrf.lisp | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/middleware/csrf.lisp b/src/middleware/csrf.lisp
index fa70062..cb3a308 100644
--- a/src/middleware/csrf.lisp
+++ b/src/middleware/csrf.lisp
@@ -11,13 +11,13 @@
 :csrf-html-tag))
 (in-package :lack.middleware.csrf)
-(defvar *csrf-token-key*)
+(defvar *csrf-session-key*)
 (defparameter *lack-middleware-csrf*
 (lambda (app &key (block-app #'return-400) one-time
- (csrf-token-key :csrf-token))
+ (session-key :csrf-token))
 (lambda (env)
- (let ((*csrf-token-key* csrf-token-key))
+ (let ((*csrf-session-key* session-key))
 (block nil
 (unless (danger-method-p (getf env :request-method))
 (return (funcall app env)))
@@ -29,7 +29,7 @@
 (if (valid-token-p env)
 (progn
 (when one-time
- (remhash csrf-token-key session))
+ (remhash *csrf-session-key* session))
 (funcall app env))
 (funcall block-app env)))))))
 "Middleware for easy CSRF protection")
@@ -48,7 +48,7 @@
 (defun valid-token-p (env)
 (let ((req (make-request env))
- (csrf-token (gethash *csrf-token-key*
+ (csrf-token (gethash *csrf-session-key*
 (getf env :lack.session))))
 (and csrf-token
 (let ((recieved-csrf-token
@@ -56,9 +56,9 @@
 (string= csrf-token recieved-csrf-token)))))
 (defun csrf-token (session)
- (unless (gethash *csrf-token-key* session)
- (setf (gethash *csrf-token-key* session) (generate-random-id)))
- (gethash *csrf-token-key* session))
+ (unless (gethash *csrf-session-key* session)
+ (setf (gethash *csrf-session-key* session) (generate-random-id)))
+ (gethash *csrf-session-key* session))
 (defun csrf-html-tag (session)
 (format nil ""
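Review bot: In the first hunk `(defvar *csrf-session-key*)` declares the variable without a value, and the only binding is the `let` inside the middleware's inner `(lambda (env) …)`, while `csrf-token` in the last hunk reads it directly. A call to `csrf-token` or `csrf-html-tag` outside that dynamic extent (presumably a delayed response body or another thread; no such caller is visible here) would signal an unbound-variable error instead of returning a token. A comment above the defvar would record the contract: `;; Bound per request by *lack-middleware-csrf* to the key in the :lack.session hash table that holds the CSRF token; unbound elsewhere.` The same comment can make clear that `session-key` names an entry inside the session, not a session identifier. The lambda's body continues outside the hunk.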
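Review bot: `valid-token-p` (third hunk) compares the stored token with the request value through `string=`, visible as the first context line of the following hunk, and nothing shown checks that the request value is a string. The line that extracts `recieved-csrf-token` sits between the hunks, so this is hedged: if that value can be a non-string, such as a structured body parameter, `string=` would signal a type error rather than route the request to `block-app`. A guard like `(and (stringp recieved-csrf-token) (string= csrf-token recieved-csrf-token))` keeps every rejection on the same path. Because `string=` stops at the first differing character, a constant-time comparison would also remove the timing difference between tokens that fail early and tokens that fail late.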