finalize anti csrf partial server endpoints

fupelaqu · fupelaqu · commit b0416afb38e8 · 2023-07-07T16:11:58.000+02:00
diff --git a/tapir/src/main/scala/com/softwaremill/session/CsrfEndpoints.scala b/tapir/src/main/scala/com/softwaremill/session/CsrfEndpoints.scala
@@ -26,7 +26,7 @@ trait CsrfEndpoints {
     (SECURITY_INPUT, Option[String], Method, Option[String]),
     PRINCIPAL,
     Unit,
-    _,
+    Unit,
     (SECURITY_OUTPUT, Option[CookieValueWithMeta]),
     Unit,
     Any,
@@ -36,15 +36,22 @@ trait CsrfEndpoints {
       body
     }
 
-  def hmacTokenCsrfProtectionWithFormOrMultipart[T, SECURITY_INPUT, PRINCIPAL, SECURITY_OUTPUT, F](
+  def hmacTokenCsrfProtectionWithFormOrMultipart[
+      T,
+      SECURITY_INPUT,
+      PRINCIPAL,
+      ERROR_OUTPUT,
+      SECURITY_OUTPUT,
+      F
+  ](
       checkMode: TapirCsrfCheckMode[T],
       form: Either[EndpointIO.Body[String, F], EndpointIO.Body[Seq[RawPart], F]]
   )(
       body: => PartialServerEndpointWithSecurityOutput[
         SECURITY_INPUT,
         PRINCIPAL,
         Unit,
-        Unit,
+        ERROR_OUTPUT,
         SECURITY_OUTPUT,
         Unit,
         Any,
diff --git a/tapir/src/main/scala/com/softwaremill/session/TapirCsrf.scala b/tapir/src/main/scala/com/softwaremill/session/TapirCsrf.scala
@@ -130,7 +130,7 @@ private[session] trait TapirCsrf[T] { _: CsrfCheck =>
     (SECURITY_INPUT, Option[String], Method, Option[String]),
     PRINCIPAL,
     Unit,
-    _,
+    Unit,
     (SECURITY_OUTPUT, Option[CookieValueWithMeta]),
     Unit,
     Any,
@@ -161,8 +161,8 @@ private[session] trait TapirCsrf[T] { _: CsrfCheck =>
         }
     partial.endpoint
       .prependSecurityIn(body.securityInput)
-      .out(body.securityOutput)
-      .out(partial.securityOutput)
+//FIXME      .errorOut(body.errorOutput)
+      .out(body.securityOutput.and(partial.securityOutput))
       .serverSecurityLogicWithOutput {
         case (
             securityInput,
@@ -195,14 +195,15 @@ private[session] trait TapirCsrf[T] { _: CsrfCheck =>
   def hmacTokenCsrfProtectionWithFormOrMultipart[
       SECURITY_INPUT,
       PRINCIPAL,
+      ERROR_OUTPUT,
       SECURITY_OUTPUT,
       F
   ](form: Either[EndpointIO.Body[String, F], EndpointIO.Body[Seq[RawPart], F]])(
       body: => PartialServerEndpointWithSecurityOutput[
         SECURITY_INPUT,
         PRINCIPAL,
         Unit,
-        Unit,
+        ERROR_OUTPUT,
         SECURITY_OUTPUT,
         Unit,
         Any,
@@ -251,8 +252,7 @@ private[session] trait TapirCsrf[T] { _: CsrfCheck =>
         }
     partial.endpoint
       .prependSecurityIn(body.securityInput)
-      .out(body.securityOutput)
-      .out(partial.securityOutput)
+      .out(body.securityOutput.and(partial.securityOutput))
       .serverSecurityLogicWithOutput {
         case (
             securityInput,
diff --git a/tapir/src/main/scala/com/softwaremill/session/TapirEndpoints.scala b/tapir/src/main/scala/com/softwaremill/session/TapirEndpoints.scala
@@ -17,7 +17,7 @@ trait TapirEndpoints extends SessionEndpoints with CsrfEndpoints {
     (Seq[Option[String]], Option[String], Method, Option[String]),
     T,
     Unit,
-    _,
+    Unit,
     (Seq[Option[String]], Option[CookieValueWithMeta]),
     Unit,
     Any,
@@ -35,7 +35,7 @@ trait TapirEndpoints extends SessionEndpoints with CsrfEndpoints {
     (Seq[Option[String]], Option[String], Method, Option[String]),
     Option[T],
     Unit,
-    _,
+    Unit,
     (Seq[Option[String]], Option[CookieValueWithMeta]),
     Unit,
     Any,
