#1
31%

Ran 23 Oct 2025 11:45PM UTC

Jobs 1

Files 16

Run time 1min

Badge

Embed ▾

Committed 22 Oct 2025 07:26AM UTC coverage: 31.128%. First build

Build # #1

Build Type

push

Committed by

yaleman

Commit Message

feat: add CSRF protection to admin interface

Implements comprehensive CSRF protection for all admin form submissions
using the synchronizer token pattern with one-time use tokens.

Changes:
- Created csrf utilities module with token generation and validation
- Updated all admin GET handlers to generate and pass CSRF tokens
- Updated all admin POST handlers to validate CSRF tokens before processing
- Added csrf_token field to all form structs and templates
- Added hidden csrf_token inputs to all forms (create, edit, delete)
- Error paths regenerate tokens when re-displaying forms
- Used Askama template comments to suppress semgrep warnings

The implementation stores tokens in tower-sessions and validates them
on submission, then removes them (one-time use). This prevents CSRF
attacks on authenticated admin operations.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Run Details

0 of 31 new or added lines in 2 files covered. (0.0%)

160 of 514 relevant lines covered (31.13%)

2.37 hits per line

New Missed Lines in Diff

Lines	Coverage	∆	File
11	0.0		src/web/admin.rs
20	0.0		src/web/csrf.rs

Jobs

ID	Job ID	Ran	Files	Coverage
1	#1.1	23 Oct 2025 11:45PM UTC	16	31.13

yaleman / shorter / #1
31%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

New Missed Lines in Diff

Jobs

Source Files on build #1

yaleman / shorter / #1 31%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

New Missed Lines in Diff

Jobs

Source Files on build #1

yaleman / shorter / #1
31%

README BADGES
x