async fn csrf_checker( mut res: Response<Body>, req_info: RequestInfo, ) -> Result<Response<Body>, Infallible> { let mut state = req_info.data::<Config>().unwrap(); let prev_csrf_token: Option<[u8; 64]> = req_info.headers().get("csrf_token").map(|x|x.as_bytes().clone()); let prev_csrf_cookie = req_info.headers().get("csrf_cookie").map(|x|x.as_bytes().clone()); let protect = AesGcmCsrfProtection::from_key(state.csrf_key.as_bytes().try_into().unwrap()); let (csrf_token, csrf_cookie) = protect.generate_token_pair(prev_csrf_token.clone(), 3600).unwrap(); res.headers_mut().insert("csrf_token", HeaderValue::from_static(&csrf_token.b64_string())).unwrap(); res.headers_mut().insert("csrf_cookie", HeaderValue::from_static(&csrf_cookie.b64_string())).unwrap(); if req_info.uri().path().clone() == "/api/csrf" { //res.headers_mut().insert("csrf_token", ) return Ok(res); } if let (Some(prev_csrf_cookie), Some(prev_csrf_token)) = (prev_csrf_cookie, prev_csrf_token) { let parsed_csrf_cookie = protect.parse_cookie(prev_csrf_cookie); let parsed_csrf_token = protect.parse_token(prev_csrf_token); if let (Some(parsed_csrf_cookie), Some(parsed_csrf_token)) = (parsed_csrf_cookie, parsed_csrf_token) { } protect.verify_token_pair(, ) } Ok(res) }