apifrom.utils.csrf
==================

.. py:currentmodule:: apifrom.utils.csrf

Overview
--------

**Classes**

* :py:class:`CSRFProtection`

**Functions**

* :py:func:`generate_csrf_token`
* :py:func:`verify_csrf_token`

Classes
-------

.. py:class:: CSRFProtection(secret_key, cookie_name = 'csrf_token', header_name = 'X-CSRF-Token', form_field_name = 'csrf_token', exempt_methods = None, exempt_routes = None, token_expiry = 3600)

   Class that provides CSRF protection middleware and utilities.

   Initialize the CSRF protection middleware.

   :param secret_key: The secret key used to sign CSRF tokens.
   :param cookie_name: The name of the cookie to store the CSRF token in.
   :param header_name: The name of the header to look for the CSRF token in.
   :param form_field_name: The name of the form field to look for the CSRF token in.
   :param exempt_methods: HTTP methods that are exempt from CSRF protection.
   :param exempt_routes: Routes that are exempt from CSRF protection.
   :param token_expiry: How long CSRF tokens are valid for, in seconds.

   .. py:attribute:: cookie_name

   .. py:attribute:: exempt_methods

   .. py:attribute:: exempt_routes

   .. py:attribute:: form_field_name

   .. py:attribute:: header_name

   .. py:attribute:: secret_key

   .. py:attribute:: token_expiry

Functions
---------

.. py:function:: generate_csrf_token(session_id = None)

   Generate a CSRF token for the given session ID.

   :param session_id: The session ID to generate the token for.
   :returns: The generated CSRF token.
   :rtype: str

.. py:function:: verify_csrf_token(token, session_id = None)

   Verify that the given CSRF token is valid for the session.

   :param token: The CSRF token to verify.
   :param session_id: The session ID to verify the token against.
   :returns: True if the token is valid, False otherwise.
   :rtype: bool
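
The following is an added example, not code from ``apifrom``: it shows one common way a signed, session-bound, expiring CSRF token of the kind described above can be built and checked with HMAC-SHA256. The names ``make_token``, ``check_token`` and ``_sign``, the ``nonce.issued_at.signature`` token layout and the sample key are assumptions made for illustration; the library's own token format is not documented on this page.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample values; a real deployment loads the key from secret storage.
SECRET_KEY = b"constructed-demo-key-not-for-production"
TOKEN_EXPIRY = 3600  # seconds, mirroring the token_expiry default documented above


def _sign(secret_key, nonce, issued_at, session_id):
    # The MAC covers the nonce, the issue time and the session ID, so changing
    # any of them (or presenting the token under another session) breaks it.
    sid = (session_id or "").encode()
    msg = b"|".join([nonce.encode(), str(issued_at).encode(), str(len(sid)).encode(), sid])
    return hmac.new(secret_key, msg, hashlib.sha256).hexdigest()


def make_token(secret_key, session_id=None, now=None):
    """Return 'nonce.issued_at.signature' bound to session_id (hypothetical layout)."""
    issued_at = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)  # URL-safe alphabet, never contains '.'
    return f"{nonce}.{issued_at}.{_sign(secret_key, nonce, issued_at, session_id)}"


def check_token(secret_key, token, session_id=None, expiry=TOKEN_EXPIRY, now=None):
    """True only if the signature verifies for this session and the token is fresh."""
    try:
        nonce, issued_raw, signature = token.split(".")
        issued_at = int(issued_raw)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    expected = _sign(secret_key, nonce, issued_at, session_id)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False
    now = int(time.time() if now is None else now)
    # Reject expired tokens and tokens dated in the future.
    return 0 <= now - issued_at <= expiry
```

The ``now`` argument exists only so the expiry check can be exercised deterministically; callers normally omit it.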