forked from weavejester/ring-anti-forgery
session.clj
(ns ring.middleware.anti-forgery.session
"Contains the synchronizer token (or session) strategy."
(:require [ring.middleware.anti-forgery.strategy :as strategy]
[crypto.equality :as crypto]
[crypto.random :as random]))
(defn- session-token
  "Looks up the anti-forgery token kept in the request's :session map under
  the :ring.middleware.anti-forgery/anti-forgery-token key. Returns nil when
  the request has no session or the session carries no token."
  [request]
  (-> request
      :session
      :ring.middleware.anti-forgery/anti-forgery-token))
;; Strategy implementation that keeps the anti-forgery token in the session
;; (synchronizer token pattern). It reads and writes the :session key of the
;; request/response maps, so it relies on :session being populated upstream
;; (e.g. by Ring session middleware -- confirm in the application's stack).
(deftype SessionStrategy []
  strategy/Strategy

  ;; Reuses the token already held in the session; a fresh random one
  ;; (random/base64 60) is produced only when the session has none.
  (get-token [_ request]
    (if-let [existing (session-token request)]
      existing
      (random/base64 60)))

  ;; Yields nil (falsy) when the session holds no token, so a request without
  ;; an established token never validates. The comparison goes through
  ;; crypto.equality/eq? rather than =, which is meant to avoid leaking the
  ;; stored token through comparison timing.
  ;; NOTE(review): `token` is handed to eq? as-is; presumably the caller has
  ;; already rejected a missing token -- confirm against the middleware.
  (valid-token? [_ request token]
    (when-let [expected (session-token request)]
      (crypto/eq? token expected)))

  ;; Leaves the response untouched when the session already carries this
  ;; token. Otherwise the token is stored in the response's :session, falling
  ;; back to the request's session when the response has no :session key, so
  ;; existing session data is carried over.
  ;; NOTE(review): plain = is used here; both values presumably originate
  ;; server-side (session and get-token) -- confirm against the caller.
  (write-token [_ request response token]
    (if (= (session-token request) token)
      response
      (let [session (:session response (:session request))]
        (assoc response
               :session
               (assoc session
                      :ring.middleware.anti-forgery/anti-forgery-token
                      token))))))
(defn session-strategy
  "Builds the session-backed (synchronizer token pattern) strategy. Pass the
  result as the :strategy option of the
  ring.middleware.anti-forgery/wrap-anti-forgery middleware.

  The token lives in the session under
  :ring.middleware.anti-forgery/anti-forgery-token.

  Background on the pattern: https://goo.gl/WRm7Kp"
  []
  (SessionStrategy.))