Seregon/zftpd

Zero-copy FTP/HTTP Daemon compatible with all POSIX systems

C/11.0 KB/No license
include/http_csrf.h
raw
zftpd / include / http_csrf.h
1/*
2MIT License
3 
4Copyright (c) 2026 Seregon
5 
6Permission is hereby granted, free of charge, to any person obtaining a copy
7of this software and associated documentation files (the "Software"), to deal
8in the Software without restriction, including without limitation the rights
9to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10copies of the Software, and to permit persons to whom the Software is
11furnished to do so, subject to the following conditions:
12 
13The above copyright notice and this permission notice shall be included in all
14copies or substantial portions of the Software.
15 
16THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22SOFTWARE.
23*/
24 
25/**
26 * @file http_csrf.h
27 * @brief CSRF Protection Module
28 */
29 
30#ifndef HTTP_CSRF_H
31#define HTTP_CSRF_H
32 
33#include "http_parser.h"
34#include "http_server.h"
35 
36/**
37 * @brief Initialize CSRF protection (generate random token)
38 *
39 * @return 0 on success, -1 if entropy unavailable (uploads disabled)
40 */
41int http_csrf_init(void);
42 
43/**
44 * @brief Get the current CSRF token
45 * @return 32-character hex token string
46 */
47const char *http_csrf_get_token(void);
48 
49/**
50 * @brief Validate CSRF token in request headers
51 * @param req HTTP request to check
52 * @return 0 if valid, -1 if missing or invalid
53 */
54int http_csrf_validate(const http_request_t *req);
55 
56#endif /* HTTP_CSRF_H */
57