net.croz.nrich.security.csrf.webflux.holder.WebFluxCsrfTokenKeyHolder Maven / Gradle / Ivy

Go to download
/*
 *  Copyright 2020-2023 CROZ d.o.o, the original author or authors.
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 */

package net.croz.nrich.security.csrf.webflux.holder;

import lombok.RequiredArgsConstructor;
import net.croz.nrich.security.csrf.api.holder.CsrfTokenKeyHolder;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebSession;

import java.security.Key;

@RequiredArgsConstructor
public class WebFluxCsrfTokenKeyHolder implements CsrfTokenKeyHolder {

    private final ServerWebExchange exchange;

    private final WebSession webSession;

    private final String tokenKeyName;

    private final String cryptoKeyName;

    @Override
    public String getToken() {
        String token = exchange.getRequest().getHeaders().getFirst(tokenKeyName);

        if (token == null) {
            token = exchange.getRequest().getQueryParams().getFirst(tokenKeyName);
        }

        return token;
    }

    @Override
    public void storeToken(String csrfToken) {
        exchange.getResponse().getHeaders().add(tokenKeyName, csrfToken);
    }

    @Override
    public Key getCryptoKey() {
        return (Key) webSession.getAttributes().get(cryptoKeyName);
    }

    @Override
    public void storeCryptoKey(Key cryptoKey) {
        webSession.getAttributes().put(cryptoKeyName, cryptoKey);
    }
}