Change options to use a hashref, for more flexible setting.

[www-csrf] / lib / WWW / CSRF.pm

diff --git a/lib/WWW/CSRF.pm b/lib/WWW/CSRF.pm
index 202348bf671693472f8db5a0af1d4cd9e47fcea1..95c5e8f041724443a9c12711ae12ecc4e947c0f8 100644 (file)
--- a/lib/WWW/CSRF.pm
+++ b/lib/WWW/CSRF.pm
@@ -11,9 +11,10 @@ our @EXPORT_OK = qw(generate_csrf_token check_csrf_token);
 our $VERSION = '1.00';
 
 sub generate_csrf_token {
-       my ($id, $secret, $random, $time) = @_;
+       my ($id, $secret, $options) = @_;
 
-       $time //= time;
+       my $time = $options->{'Time'} // time;
+       my $random = $options->{'Random'};
 
        my $digest = Digest::HMAC_SHA1::hmac_sha1($time . "/" . $id, $secret);
        my @digest_bytes = _to_byte_array($digest);
@@ -35,7 +36,7 @@ sub generate_csrf_token {
 }
 
 sub check_csrf_token {
-       my ($id, $secret, $csrf_token, $max_age) = @_;
+       my ($id, $secret, $csrf_token, $options) = @_;
 
        if ($csrf_token !~ /^([0-9a-f]+),([0-9a-f]+),([0-9]+)$/) {
                # Malformed token.
@@ -43,6 +44,7 @@ sub check_csrf_token {
        }
 
        my ($masked_token, $mask, $time) = ($1, $2, $3);
+       my $max_age = $options->{'MaxAge'};
        if (defined($max_age) && time - $time > $max_age) {
                # Timed out.
                return 0;