View Source CsrfPlus.Token behaviour (CsrfPlus v0.2.0)

Defines the Token behaviour and a DefaultToken module implementation.

Summary

Callbacks

The function to generate the token tuple. It must be a tuple with the token itself and the signed version of it. In the format {token, signed_token}.

Responsible to generate a unique token.

Responsible to sign a token. The signed token is the token signed with some secret key or crypto algorithm that allows further verification.

Simply put, must verifies a signed_token. It must use the same secret key or crypto algorithm as in the sign_token function.

Functions

Just wraps generate_token/0 and sign_token/1 functions in a convenient function

Calls the configured Token module to generate a token

Calls the configured Token module to sign a given token

Calls the configured Token module to verify a signed_token

Callbacks

@callback generate() :: {String.t(), String.t()}

The function to generate the token tuple. It must be a tuple with the token itself and the signed version of it. In the format {token, signed_token}.

This callback is optional as all it does is to call generate_token/0 and sign_token/1 to generate both token and its signed version.

@callback generate_token() :: String.t()

Responsible to generate a unique token.

Returns

The generated token.

@callback sign_token(token :: String.t()) :: String.t()

Responsible to sign a token. The signed token is the token signed with some secret key or crypto algorithm that allows further verification.

Params

  • token - The token to sign.

Returns

A signed token.

@callback verify(signed_token :: String.t()) :: {:ok, String.t()} | {:error, term()}

Simply put, must verifies a signed_token. It must use the same secret key or crypto algorithm as in the sign_token function.

Note

The verified_token is the original token before being signed.

Returns

{:ok, verified_token} in case of success. Or {:error, the_error_itself}.

Functions

Just wraps generate_token/0 and sign_token/1 functions in a convenient function

Calls the configured Token module to generate a token

Calls the configured Token module to sign a given token

Calls the configured Token module to verify a signed_token