CSRFProtectionComponent: give more room for excluding requests

Alice Gaudon 2020-08-28 16:52:43 +02:00
parent 1aeb4e098d
commit 25b1e71784


@ -1,19 +1,19 @@
import ApplicationComponent from "../ApplicationComponent"; import ApplicationComponent from "../ApplicationComponent";
import {Router} from "express"; import {Request, Router} from "express";
import crypto from "crypto"; import crypto from "crypto";
import {BadRequestError} from "../HttpError"; import {BadRequestError} from "../HttpError";
export default class CsrfProtectionComponent extends ApplicationComponent<void> { export default class CsrfProtectionComponent extends ApplicationComponent<void> {
private static readonly routeExcluders: ((path: string) => boolean)[] = []; private static readonly excluders: ((req: Request) => boolean)[] = [];
public static addRouteExcluder(excluder: (path: string) => boolean) { public static addExcluder(excluder: (req: Request) => boolean) {
this.routeExcluders.push(excluder); this.excluders.push(excluder);
} }
public async handle(router: Router): Promise<void> { public async handle(router: Router): Promise<void> {
router.use(async (req, res, next) => { router.use(async (req, res, next) => {
for (const excluder of CsrfProtectionComponent.routeExcluders) { for (const excluder of CsrfProtectionComponent.excluders) {
if (excluder(req.path)) return next(); if (excluder(req)) return next();
} }
if (!req.session) { if (!req.session) {
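Review bot: `addExcluder` now passes each excluder the whole `Request`, and any excluder that returns true in the loop inside `handle` skips the CSRF check for that request, yet nothing on the new side says which request properties are safe to decide on. With the old `(path: string)` signature the decision could only depend on the route; it can now depend on query parameters, body fields or headers, some of which a cross-site form submission sets freely. I would add a doc comment on `addExcluder`, for example `/** An excluder that returns true bypasses CSRF validation entirely; match only on properties a cross-site browser request cannot set, never on query or body values. */`. Since `excluders` is a static array, the same comment could note that a registered excluder presumably applies wherever this component is mounted. The body of `handle` continues past the end of the hunk, so the session and token checks that follow are not visible here.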