Class: TokenBox
Inherits: Object
Defined in: lib/pasaporte/token_box.rb
Overview
A simple but effective CSRF protector
Constant Summary
- CHARS = [*'A'..'Z'] + [*'0'..'9'] + [*'a'..'z']
  Alphabet (62 alphanumerics) from which token strings are built.
- WINDOW = 10.minutes
  Gone in 60 seconds
  Default token lifetime; `10.minutes` is an ActiveSupport duration, so despite the docstring's film reference the window is ten minutes.
Instance Method Summary
- #procure!(request, lifetime = nil) ⇒ Object
  Procure a CSRF token for a specific request URI.
- #validate!(request, token) ⇒ Object
  Validate the token for a specific request URI.
Instance Method Details
#procure!(request, lifetime = nil) ⇒ Object
Procure a CSRF token for a specific request URI
    # File 'lib/pasaporte/token_box.rb', line 27
    def procure!(request, lifetime = nil)
      # `returning` is ActiveSupport's pre-3.0 name for Object#tap.
      # Token, MAX_TOKENS and Invalid are defined elsewhere in the class (not shown on this page).
      returning(Token.new(lifetime || WINDOW)) do | t |
        @heap ||= {}                  # one list of outstanding tokens per request URI
        @heap[request] ||= []
        @heap[request].shift if @heap[request].length >= MAX_TOKENS   # evict the oldest once the cap is hit
        @heap[request] << t
      end.to_s                        # the caller receives the token's string form
    end
#validate!(request, token) ⇒ Object
Validate the token for a specific request URI
    # File 'lib/pasaporte/token_box.rb', line 37
    def validate!(request, token)
      # Nothing was ever procured for this URI: reject.
      raise Invalid.new("no heap part") unless (@heap && @heap[request])
      # Purge expired tokens first so a stale one can never be redeemed.
      @heap[request].reject!{|t| t.expired? }
      # The presented token must match one issued for this exact URI.
      raise Invalid.new("no token found in heap") unless @heap[request].find{|e| e.to_s == token}
      # Consume it: each token is valid exactly once.
      @heap[request].reject!{|e| e.to_s == token }
    end