Remove redundat http require and move it to kemal.cr

This commit is contained in:
Sdogruyol 2016-07-17 14:28:21 +03:00
parent d11b702ee4
commit 6ffa4af0e1
4 changed files with 10 additions and 15 deletions

View file

@ -1,3 +1,4 @@
require "http"
require "./kemal/*"
require "./kemal/helpers/*"
require "./kemal/middleware/*"

View file

@ -1,5 +1,3 @@
require "http"
# All loggers must inherit from `Kemal::BaseLogHandler`.
class Kemal::BaseLogHandler < HTTP::Handler
def initialize

View file

@ -1,5 +1,3 @@
require "http"
class Kemal::CommonLogHandler < Kemal::BaseLogHandler
@handler : IO::FileDescriptor
getter handler

View file

@ -1,5 +1,4 @@
require "secure_random"
require "http"
module Kemal::Middleware
# This middleware adds CSRF protection to your application.
@ -11,9 +10,9 @@ module Kemal::Middleware
# where an attacker can re-submit a form.
#
class CSRF < HTTP::Handler
HEADER = "X_CSRF_TOKEN"
ALLOWED_METHODS = %w[GET HEAD OPTIONS TRACE]
PARAMETER_NAME = "authenticity_token"
HEADER = "X_CSRF_TOKEN"
ALLOWED_METHODS = %w(GET HEAD OPTIONS TRACE)
PARAMETER_NAME = "authenticity_token"
def call(context)
unless context.session["csrf"]?
@ -24,12 +23,12 @@ module Kemal::Middleware
req = context.request
submitted = if req.headers[HEADER]?
req.headers[HEADER]
elsif context.params.body[PARAMETER_NAME]?
context.params.body[PARAMETER_NAME]
else
"nothing"
end
req.headers[HEADER]
elsif context.params.body[PARAMETER_NAME]?
context.params.body[PARAMETER_NAME]
else
"nothing"
end
current_token = context.session["csrf"]
if current_token == submitted
@ -41,6 +40,5 @@ module Kemal::Middleware
context.response.print "Forbidden"
end
end
end
end