Use antiforgery
dodyg committed Jun 23, 2024
1 parent b114f38 commit c325866
Showing 1 changed file with 50 additions and 16 deletions.
66 changes: 50 additions & 16 deletions projects/htmx/all-verbs/Program.cs
@@ -1,9 +1,18 @@
using Htmx;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Mvc;

var app = WebApplication.Create();
app.MapGet("/", () =>
var builder = WebApplication.CreateBuilder();
builder.Services.AddAntiforgery();
var app = builder.Build();

app.UseAntiforgery();

app.MapGet("/", (HttpContext context, [FromServices] IAntiforgery anti) =>
{
var html = """
var token = anti.GetAndStoreTokens(context);

var html = $$"""
<!DOCTYPE html>
<html>
<head>
@@ -12,6 +21,7 @@
cursor:pointer;
}
</style>
<meta name="htmx-config" content='{ "antiForgery": {"headerName" : "{{ token.HeaderName}}", "requestToken" : "{{token.RequestToken }}" } }'>
</head>
<body>
<h1>All verbs supported in HTMX</h1>
@@ -23,57 +33,81 @@
<li hx-patch="/htmx">PATCH</li>
<li hx-delete="/htmx">DELETE</li>
</ul>
<script src="https://unpkg.com/[email protected]" integrity="sha384-wS5l5IKJBvK6sPTKa2WZ1js3d947pvWXbPJ1OmWfEuxLgeHcEbjUUA5i9V5ZkpCw" crossorigin="anonymous"></script>
<script src="https://unpkg.com/[email protected]" integrity="sha384-wS5l5IKJBvK6sPTKa2WZ1js3d947pvWXbPJ1OmWfEuxLgeHcEbjUUA5i9V5ZkpCw" crossorigin="anonymous"></script>
<script>
document.addEventListener("htmx:configRequest", (evt) => {
let httpVerb = evt.detail.verb.toUpperCase();
if (httpVerb === 'GET') return;
let antiForgery = htmx.config.antiForgery;
if (antiForgery) {
// already specified on form, short circuit
if (evt.detail.parameters[antiForgery.formFieldName])
return;
if (antiForgery.headerName) {
evt.detail.headers[antiForgery.headerName]
= antiForgery.requestToken;
} else {
evt.detail.parameters[antiForgery.formFieldName]
= antiForgery.requestToken;
}
}
});
</script>
</body>
</html>
""";
return Results.Content(html, "text/html");
});

app.MapGet("/htmx/", (HttpRequest request) =>
var htmx = app.MapGroup("/htmx").AddEndpointFilter(async (context, next) =>
{
if (context.HttpContext.Request.Method == "GET")
return await next(context);

await context.HttpContext.RequestServices.GetRequiredService<IAntiforgery>()!.ValidateRequestAsync(context.HttpContext);
return await next(context);
});

htmx.MapGet("/", (HttpRequest request) =>
{
if (request.IsHtmx() is false)
return Results.Content("");

return Results.Content($"GET => {DateTime.UtcNow}");
});


app.MapPost("/htmx/", (HttpRequest request) =>
htmx.MapPost("/", (HttpRequest request) =>
{
if (request.IsHtmx() is false)
return Results.Content("");

return Results.Content($"POST => {DateTime.UtcNow}");
});


app.MapDelete("/htmx/", (HttpRequest request) =>
htmx.MapDelete("/", (HttpRequest request) =>
{
if (request.IsHtmx() is false)
return Results.Content("");

return Results.Content($"DELETE => {DateTime.UtcNow}");
});


app.MapPut("/htmx/", (HttpRequest request) =>
htmx.MapPut("/", (HttpRequest request) =>
{
if (request.IsHtmx() is false)
return Results.Content("");

return Results.Content($"PUT => {DateTime.UtcNow}");
});


app.MapPatch("/htmx/", (HttpRequest request) =>
htmx.MapPatch("/", (HttpRequest request) =>
{
if (request.IsHtmx() is false)
return Results.Content("");

return Results.Content($"PATCH => {DateTime.UtcNow}");
});

app.Run();


app.Run();
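Review bot: A request that fails antiforgery validation surfaces as an unhandled exception in the new `/htmx` group filter rather than a clean rejection: `ValidateRequestAsync` throws `AntiforgeryValidationException`, and nothing visible in this file catches it, so the caller most likely gets a 500 (or the developer exception page) instead of a 400. `IsRequestValidAsync` returns a bool and already treats GET, HEAD, OPTIONS and TRACE as valid, so the string comparison on `Request.Method` can be dropped in favour of `if (!await antiforgery.IsRequestValidAsync(context.HttpContext)) return Results.BadRequest();`. The `!` after `GetRequiredService<IAntiforgery>()` is redundant, since that call throws rather than returning null. If the filter exists because `UseAntiforgery()` alone does not validate these handlers, a one-line comment on it saying so, e.g. `// these endpoints bind no form, so the middleware does not check the token; validate it here`, would stop a later reader from removing one of the two as a duplicate.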
