mirror of
https://github.com/jetzig-framework/jetzig.git
synced 2025-05-14 14:06:08 +00:00
6e6f1bec1b
Add to middleware in app's `src/main.zig`:
```zig
pub const jetzig_options = struct {
pub const middleware: []const type = &.{
jetzig.middleware.AntiCsrfMiddleware,
};
};
```
CSRF token available in Zmpl templates:
```
{{context.authenticityToken()}}
```
or render a hidden form element:
```
{{context.authenticityFormElement()}}
```
The following HTML requests are rejected (403 Forbidden) if the
submitted query param does not match the value stored in the encrypted
session (added automatically when the token is generated for a template
value):
* POST
* PUT
* PATCH
* DELETE
JSON requests are not impacted - users should either disable JSON
endpoints or implement a different authentication method to protect
them.
92 lines
3.0 KiB
YAML
92 lines
3.0 KiB
YAML
# This is a basic workflow to help you get started with Actions
|
|
|
|
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches: [ main ]
|
|
pull_request:
|
|
branches: [ main ]
|
|
schedule:
|
|
- cron: '0 0 * * *' #Makes sense, we are testing against master
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build:
|
|
strategy:
|
|
matrix:
|
|
#Deactivated windows for I don't know why it fails
|
|
#os: [ubuntu-latest, macos-latest, windows-latest]
|
|
os: [ubuntu-latest, macos-latest, windows-latest]
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
submodules: true
|
|
|
|
- name: Setup Zig
|
|
# You may pin to the exact commit or the version.
|
|
# uses: goto-bus-stop/setup-zig@41ae19e72e21b9a1380e86ff9f058db709fc8fc6
|
|
uses: goto-bus-stop/setup-zig@v2
|
|
with:
|
|
version: master
|
|
cache: true # Let's see how this behaves
|
|
|
|
- run: zig version
|
|
- run: zig env
|
|
|
|
- name: Build
|
|
run: zig build --verbose
|
|
|
|
- name: Run Tests
|
|
run: zig build test --summary all
|
|
|
|
- name: Run App Tests
|
|
run: |
|
|
cd demo
|
|
zig build -Denvironment=testing jetzig:test
|
|
|
|
- name: Build artifacts
|
|
if: ${{ matrix.os == 'ubuntu-latest' }}
|
|
run: |
|
|
declare -a targets=("x86_64-windows" "x86_64-linux" "x86_64-macos" "aarch64-macos")
|
|
mkdir -p "artifacts/"
|
|
root=$(pwd)
|
|
cd cli
|
|
for target in "${targets[@]}"; do
|
|
mkdir -p $root/artifacts/$target
|
|
echo "Building target ${target}..."
|
|
if ! zig build -Dtarget=${target} -Doptimize=ReleaseSafe --prefix $root/artifacts/${target}/; then
|
|
exit 1
|
|
fi
|
|
sed -e '1,5d' < $root/README.md > $root/artifacts/${target}/README.md
|
|
cp $root/LICENSE $root/artifacts/${target}/
|
|
done
|
|
wait
|
|
|
|
- name: Upload artifacts Target Windows
|
|
if: ${{ matrix.os == 'ubuntu-latest' && !contains(fromJSON('["pull_request"]'), github.event_name) }}
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: build-windows
|
|
path: artifacts/x86_64-windows
|
|
- name: Upload artifacts Target Linux
|
|
if: ${{ matrix.os == 'ubuntu-latest' && !contains(fromJSON('["pull_request"]'), github.event_name) }}
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: build-linux
|
|
path: artifacts/x86_64-linux
|
|
- name: Upload artifacts Target MacOS
|
|
if: ${{ matrix.os == 'ubuntu-latest' && !contains(fromJSON('["pull_request"]'), github.event_name) }}
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: build-macos-x86
|
|
path: artifacts/x86_64-macos
|
|
- name: Upload artifacts Target MacOS 2
|
|
if: ${{ matrix.os == 'ubuntu-latest' && !contains(fromJSON('["pull_request"]'), github.event_name) }}
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: build-macos-aarch64
|
|
path: artifacts/aarch64-macos
|