Initial commit

src/presentation/routing/csrf.py

@@ -0,0 +1,37 @@
+from __future__ import annotations
+from fastapi import APIRouter
+from fastapi.responses import ORJSONResponse
+from starlette import status
+from src.infrastructure.security import CsrfService
+from src.infrastructure.config import settings
+from src.presentation.decorators import rate_limit
+
+csrf_router = APIRouter(prefix='/csrf', tags=['csrf'])
+
+
+@csrf_router.get('/token', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
+@rate_limit(limit=settings.RATE_LIMIT_REQUESTS, window_seconds=settings.RATE_LIMIT_WINDOW, scope='ip')
+async def issue_csrf_token():
+    csrf = CsrfService()
+
+    token = csrf.issue()
+
+    response = ORJSONResponse(
+        content={
+            'token': token,
+            'header_name': csrf.header_name,
+        }
+    )
+
+    response.set_cookie(
+        key=csrf.cookie_name,
+        value=token,
+        secure=settings.CSRF_COOKIE_SECURE,
+        httponly=settings.CSRF_COOKIE_HTTPONLY,
+        samesite=settings.CSRF_COOKIE_SAMESITE,
+        path=settings.CSRF_COOKIE_PATH,
+        domain=settings.CSRF_COOKIE_DOMAIN,
+        max_age=csrf.ttl_seconds,
+    )
+
+    return response