
from __future__ import annotations
from fastapi import APIRouter, Request
from fastapi.responses import ORJSONResponse
from starlette import status
from src.infrastructure.security import CsrfService
from src.infrastructure.config import settings
from src.presentation.decorators import rate_limit
# Router for CSRF-token issuance; every route registered on it is mounted under /csrf.
csrf_router = APIRouter(tags=['csrf'], prefix='/csrf')
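@csrf_router.get('/token', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
@rate_limit(limit=settings.RATE_LIMIT_REQUESTS, window_seconds=settings.RATE_LIMIT_WINDOW, scope='ip')
async def issue_csrf_token(request: Request):
    """Issue a fresh CSRF token and hand it out both in the body and as a cookie.

    The JSON body carries the token and the header name the client is expected
    to echo it in (``csrf.header_name``); the same token is set as a cookie named
    ``csrf.cookie_name``. Presumably the verifying side compares header and
    cookie (double-submit) — confirm against the CSRF middleware/dependency.

    Args:
        request: the incoming request. Not read in the body; kept in the
            signature so the route exposes it (presumably consumed by
            ``rate_limit``, which scopes by ``'ip'``).

    Returns:
        ORJSONResponse with ``{'token': ..., 'header_name': ...}`` and the
        CSRF cookie attached.
    """
    csrf = CsrfService()
    token = csrf.issue()

    response = ORJSONResponse(
        content={
            'token': token,
            'header_name': csrf.header_name,
        }
    )
    # The body contains a per-client secret served over a plain GET/200; without
    # this, a browser or shared cache may store it and replay a stale or
    # cross-user token. `no-store` is additive and changes nothing for clients.
    response.headers['Cache-Control'] = 'no-store'

    response.set_cookie(
        key=csrf.cookie_name,
        value=token,
        secure=settings.CSRF_COOKIE_SECURE,
        httponly=settings.CSRF_COOKIE_HTTPONLY,
        samesite=settings.CSRF_COOKIE_SAMESITE,
        path=settings.CSRF_COOKIE_PATH,
        # NOTE(review): the hard-coded parent-domain fallback scopes the cookie to
        # every subdomain of elcsa.ru whenever CSRF_COOKIE_DOMAIN is unset, and it
        # is silently rejected by browsers on non-matching hosts (local/dev). A
        # host-only cookie (domain=None) is the tighter default — confirm no
        # deployment relies on this fallback before changing it.
        domain=settings.CSRF_COOKIE_DOMAIN or '.elcsa.ru',
        max_age=csrf.ttl_seconds,
    )
    return response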