apifrom.security.csrf
=====================

CSRF protection middleware for APIFromAnything.

This module provides middleware for protecting against Cross-Site Request Forgery (CSRF) attacks.

.. py:currentmodule:: apifrom.security.csrf

Overview
--------

**Classes**

* :py:class:`BaseMiddleware`
* :py:class:`CSRFMiddleware`
* :py:class:`CSRFToken`
* :py:class:`JSONResponse`
* :py:class:`Request`
* :py:class:`Response`

**Functions**

* :py:func:`csrf_exempt`

Classes
-------

.. py:class:: BaseMiddleware(**options)

   Bases: :py:class:`abc.ABC`

   Base middleware class for APIFromAnything.

   This abstract class defines the interface for middleware components.
   Middleware components can process requests and responses.

   .. attribute:: options

      Options for the middleware.

      :type: dict

   Initialize a new BaseMiddleware instance.

   :param \*\*options: Options for the middleware.

.. py:class:: CSRFMiddleware(secret=None, token_name='csrf_token', header_name='X-CSRF-Token', cookie_name='csrf_token', cookie_path='/', cookie_secure=True, cookie_http_only=True, cookie_same_site='Lax', exempt_methods=None, exempt_routes=None, error_message='CSRF token validation failed')

   Bases: :py:class:`apifrom.middleware.base.BaseMiddleware`

   Middleware for CSRF protection.

   Initialize the CSRF middleware.

   :param secret: Secret key for token generation (defaults to a random key)
   :param token_name: Name of the token in forms and query parameters
   :param header_name: Name of the token header
   :param cookie_name: Name of the token cookie
   :param cookie_path: Path for the token cookie
   :param cookie_secure: Whether the cookie should be secure (HTTPS only)
   :param cookie_http_only: Whether the cookie should be HTTP only
   :param cookie_same_site: SameSite attribute for the cookie
   :param exempt_methods: HTTP methods exempt from CSRF protection
   :param exempt_routes: Routes exempt from CSRF protection
   :param error_message: Error message for CSRF validation failures

   .. attribute:: cookie_http_only

   .. attribute:: cookie_name

   .. attribute:: cookie_path

   .. attribute:: cookie_same_site

   .. attribute:: cookie_secure

   .. attribute:: error_message

   .. attribute:: exempt_methods

   .. attribute:: exempt_routes

   .. attribute:: header_name

   .. attribute:: secret

   .. attribute:: token_name

   .. method:: _generate_token(session_id=None)

      Generate a new CSRF token.

      :param session_id: The session ID to use for token generation
      :returns: The generated token

   .. method:: _get_session_id(request)

      Get the session ID from a request.

      :param request: The request to get the session ID from
      :returns: The session ID, or None if not found

   .. method:: _get_token_from_request(request)

      Get the CSRF token from a request.

      :param request: The request to get the token from
      :returns: The CSRF token, or None if not found

   .. method:: _is_exempt(request)

      Check if a request is exempt from CSRF protection.

      :param request: The request to check
      :returns: True if the request is exempt, False otherwise

   .. method:: _set_csrf_cookie(response, token)

      Set the CSRF token cookie on a response.

      :param response: The response to set the cookie on
      :param token: The CSRF token

   .. method:: _validate_token(token, session_id=None)

      Validate a CSRF token.

      :param token: The token to validate
      :param session_id: The session ID to validate against
      :returns: True if the token is valid, False otherwise

   .. method:: process_request(request)
      :async:

      Process a request through the CSRF middleware.

      :param request: The request to process
      :returns: The processed request

   .. method:: process_response(response)
      :async:

      Process a response through the CSRF middleware.

      :param response: The response to process
      :returns: The processed response

.. py:class:: CSRFToken(secret=None, token_length=32, max_age=3600)

   CSRF token generator and validator.

   Initialize the CSRF token generator.

   :param secret: Secret key for token generation (defaults to a random key)
   :param token_length: Length of the token in bytes
   :param max_age: Maximum age of tokens in seconds

   .. attribute:: max_age

   .. attribute:: secret

   .. attribute:: token_length

   .. method:: _create_signature(data)

      Create a signature for the given data.

      :param data: The data to sign
      :returns: The signature

   .. method:: generate_token(session_id=None)

      Generate a new CSRF token.

      :param session_id: Session ID to bind the token to (optional)
      :returns: A new CSRF token

   .. method:: validate_token(token, session_id=None)

      Validate a CSRF token.

      :param token: The token to validate
      :param session_id: Session ID to validate against (optional)
      :returns: True if the token is valid, False otherwise

.. py:class:: JSONResponse(content=None, status_code=200, headers=None)

   Bases: :py:class:`Response`

   JSON response for APIFromAnything.

   This class represents an HTTP response with JSON content.

   Initialize a new JSONResponse instance.

   :param content: The response content.
   :param status_code: The HTTP status code.
   :param headers: HTTP headers.

.. py:class:: Request(request=None, path_params=None, method=None, path=None, query_params=None, headers=None, body=None, client_ip=None)

   Request class for APIFromAnything.

   This class wraps a Starlette request and provides methods for accessing
   request data in a convenient way.

   .. attribute:: _request

      The underlying Starlette request.

   .. attribute:: path_params

      Path parameters extracted from the URL.

   .. attribute:: query_params

      Query parameters extracted from the URL.

   .. attribute:: headers

      HTTP headers.

   .. attribute:: method

      HTTP method.

   .. attribute:: path

      Request path.

   .. attribute:: _body

      Cached request body.

   Initialize a new Request instance.

   :param request: The underlying Starlette request.
   :param path_params: Path parameters extracted from the URL.
   :param method: The HTTP method.
   :param path: The request path.
   :param query_params: Query parameters.
   :param headers: HTTP headers.
   :param body: Request body.
   :param client_ip: Client IP address.

.. py:class:: Response(content=None, status_code=200, headers=None, content_type='application/json')

   Response class for APIFromAnything.

   This class represents an HTTP response and provides methods for setting
   response data, status code, and headers.

   .. attribute:: content

      The response content.

   .. attribute:: status_code

      The HTTP status code.

   .. attribute:: headers

      HTTP headers.

   .. attribute:: content_type

      The content type of the response.

   Initialize a new Response instance.

   :param content: The response content.
   :param status_code: The HTTP status code.
   :param headers: HTTP headers.
   :param content_type: The content type of the response.

Functions
---------

.. py:function:: csrf_exempt(func)

   Decorator to exempt a function from CSRF protection.

   :param func: The function to exempt
   :returns: The decorated function
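The following is an added, self-contained illustration of the token scheme the :py:class:`CSRFToken` reference above describes (a signature over the token data, optional binding to a session ID, and expiry after ``max_age`` seconds); it is not apifrom's own ``CSRFToken`` code. The class name ``SignedCsrfToken``, the ``<nonce>.<issued_at>.<signature>`` layout and the ``now`` parameter used for testing are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time


class SignedCsrfToken:
    """Illustrative signed CSRF token; not apifrom's own CSRFToken.

    Assumed layout: <nonce>.<issued_at>.<signature>, where the signature is
    an HMAC-SHA256 over the nonce, the issue time and the (optional) session
    id, so a token only validates for the session it was minted for and
    only until max_age seconds have elapsed.
    """

    def __init__(self, secret=None, token_length=32, max_age=3600):
        if isinstance(secret, str):
            secret = secret.encode()
        # A missing secret falls back to a random one, as the reference
        # documents; such tokens stop validating after a process restart.
        self.secret = secret or secrets.token_bytes(32)
        self.token_length = token_length
        self.max_age = max_age

    def _create_signature(self, data):
        return hmac.new(self.secret, data.encode(), hashlib.sha256).hexdigest()

    def generate_token(self, session_id=None, now=None):
        raw = secrets.token_bytes(self.token_length)
        nonce = base64.urlsafe_b64encode(raw).decode().rstrip("=")
        issued_at = str(int(time.time() if now is None else now))
        payload = f"{nonce}.{issued_at}"
        sig = self._create_signature(f"{payload}.{session_id or ''}")
        return f"{payload}.{sig}"

    def validate_token(self, token, session_id=None, now=None):
        try:
            nonce, issued_at, sig = token.split(".")
            age = (time.time() if now is None else now) - int(issued_at)
        except (AttributeError, ValueError):
            return False  # malformed token
        if age < 0 or age > self.max_age:
            return False  # expired, or issued in the future
        expected = self._create_signature(f"{nonce}.{issued_at}.{session_id or ''}")
        # Constant-time comparison: rejects tampering without leaking timing.
        return hmac.compare_digest(expected, sig)
```

A token minted for one session fails validation for another, after ``max_age`` seconds, or under a different secret, which is the behaviour a middleware built on ``CSRFToken`` relies on.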