Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSRF protection on OAuth pages #440

Merged
merged 24 commits into from
Dec 16, 2023
Merged

CSRF protection on OAuth pages #440

merged 24 commits into from
Dec 16, 2023

Conversation

aumetra
Copy link
Member

@aumetra aumetra commented Dec 7, 2023
edited
Loading

Closes #431

This PR adds:

  • A generic CSRF protection library (lib/cursiv)
  • Usage of the CSRF token on the OAuth pages

@aumetra aumetra force-pushed the aumetra/csrf-protection branch from 301cf8b to f08d417 Compare December 7, 2023 21:32
@aumetra
Copy link
Member Author

aumetra commented Dec 9, 2023

Thinking of using a keyed BLAKE2/BLAKE3 hash here. Fast and simple.

BLAKE3 is superior in terms of raw speed (according to benchmarks and (IIRC) available implementations in Rust), but I don't think that the performance difference will really show in this case, since the values we work on are small.

aumetra added 16 commits December 10, 2023 19:17
@aumetra
Merge branch 'main' into aumetra/csrf-protection
d31cf41
@aumetra
update readme
3453708
@aumetra
progress
d5c65c3
@aumetra
add future
9c6f1b4
@aumetra
library progress
66a312c
@aumetra
shorten verify function
c71b5a1
@aumetra
add function to retain cookie
5b1f966
@aumetra
reformat
eb84d6d
@aumetra
style
d424315
@aumetra
unconditionally use secure cookies
e38b366
@aumetra
up
f7038f5
@aumetra
yarn up
1e1b763
@aumetra
flake.lock: Update
2caf527 
Flake lock file updates:

• Updated input 'devenv':
    'github:cachix/devenv/a7c4dd8f4eb1f98a6b8f04bf08364954e1e73e4f' (2023-11-28)
  → 'github:cachix/devenv/e681a99ffe2d2882f413a5d771129223c838ddce' (2023-12-14)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/2c7f3c0fb7c08a0814627611d9d7d45ab6d75335' (2023-12-04)
  → 'github:nixos/nixpkgs/a9bf124c46ef298113270b1f84a164865987a91c' (2023-12-11)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/670ae43e7e5e7cf90b873cea596941d2e24e9c2c' (2023-12-07)
  → 'github:oxalica/rust-overlay/d7aaf97c7c5ea7b4198ef85d3d66b3dfe5c6ce57' (2023-12-15)
@aumetra
Merge branch 'main' into aumetra/csrf-protection
7f76b77
@aumetra
add tests
6c36436
@aumetra
add axum feature
e0c556a
@aumetra aumetra mentioned this pull request Dec 15, 2023
Closed
@aumetra aumetra linked an issue Dec 15, 2023 that may be closed by this pull request
Errors compiling rkyv crate #449
Closed
@aumetra aumetra force-pushed the aumetra/csrf-protection branch from 92a3107 to 12b2706 Compare December 15, 2023 22:09
@aumetra aumetra force-pushed the aumetra/csrf-protection branch from 2f2977c to 2aa42a3 Compare December 16, 2023 11:44
@aumetra aumetra marked this pull request as ready for review December 16, 2023 12:45
@aumetra aumetra enabled auto-merge December 16, 2023 12:45
@aumetra aumetra added this pull request to the merge queue Dec 16, 2023
Merged via the queue into main with commit dd9f6b2 Dec 16, 2023
11 checks passed
@aumetra aumetra deleted the aumetra/csrf-protection branch December 16, 2023 13:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Errors compiling rkyv crate Add CSRF token to OAuth authorization form
1 participant
@aumetra