module Roda::RodaPlugins::FormeRouteCsrf::InstanceMethods

Private Instance Methods

_forme_form_options(obj, attr, opts)

Add the csrf and hidden tags options if needed.

   # File lib/roda/plugins/forme_route_csrf.rb
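# Add the csrf and hidden tags options if needed.
#
# obj  :: the object the form is built for; only consulted for
#         +forme_default_request_method+ when no method attribute is given.
# attr :: the form attributes; the method and action are accepted under
#         either symbol or string keys.
# opts :: the form options, modified in place. <tt>opts[:csrf]</tt> may be
#         false (never add a token), truthy (always add one) or nil (add one
#         only if the request method is in
#         <tt>csrf_options[:check_request_methods]</tt>).
#
# When a token is added, <tt>opts[:csrf]</tt> is replaced by a
# <tt>[field, token]</tt> pair and <tt>opts[:_before]</tt> by a lambda that
# emits the hidden input carrying the token.
def _forme_form_options(obj, attr, opts)
  super

  apply_csrf = opts[:csrf]
  request_method = nil

  # The request method is only needed when CSRF handling has not been
  # explicitly switched off with :csrf=>false.
  if apply_csrf || apply_csrf.nil?
    request_method = attr[:method] || attr['method']
    if !request_method && obj && !obj.is_a?(Hash) && obj.respond_to?(:forme_default_request_method)
      request_method = obj.forme_default_request_method
    end
  end

  # No explicit choice: protect the form only if its method is one of the
  # request methods the CSRF configuration lists as checked.
  if apply_csrf.nil?
    apply_csrf = csrf_options[:check_request_methods].include?(request_method.to_s.upcase)
  end

  return unless apply_csrf

  use_request_specific_token = opts.fetch(:use_request_specific_token) { use_request_specific_csrf_tokens? }
  token = if use_request_specific_token
    # A request-specific token is derived from the path and the method.
    # Read the action under either key type, as is done for the method, so a
    # string-keyed action is not ignored when the token is tied to a path.
    csrf_token(csrf_path(attr[:action] || attr['action']), request_method)
  else
    csrf_token
  end

  opts[:csrf] = [csrf_field, token]
  opts[:_before] = lambda do |form|
    form.tag(:input, :type=>:hidden, :name=>csrf_field, :value=>token)
  end

  if use_request_specific_token && (formaction_field = csrf_options[:formaction_field])
    # NOTE(review): opts[:formactions] is presumably filled with
    # [action, method] pairs while the form body is rendered - confirm
    # against the code that appends to it.
    formactions = opts[:formactions] = []
    formaction_tokens = opts[:formaction_tokens] = {}
    previous_after = opts[:_after]
    opts[:formaction_csrfs] = [formaction_field, formaction_tokens]
    opts[:_after] = lambda do |form|
      # Each recorded formaction gets its own token, tied to that path and
      # method, emitted as a hidden input named "<formaction_field>[<path>]".
      formactions.each do |fa_action, fa_method|
        path = csrf_path(fa_action)
        fa_token = csrf_token(path, fa_method)
        formaction_tokens[path] = fa_token
        form.tag(:input, :type=>:hidden, :name=>"#{formaction_field}[#{path}]", :value=>fa_token)
      end
      # Keep any :_after hook that was already set on the options.
      previous_after.call(form) if previous_after
    end
  end
end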