CSRFProtectionComponent: give more room for excluding requests
parent
1aeb4e098d
commit
25b1e71784
@ -1,19 +1,19 @@
|
|||||||
import ApplicationComponent from "../ApplicationComponent";
|
import ApplicationComponent from "../ApplicationComponent";
|
||||||
import {Router} from "express";
|
import {Request, Router} from "express";
|
||||||
import crypto from "crypto";
|
import crypto from "crypto";
|
||||||
import {BadRequestError} from "../HttpError";
|
import {BadRequestError} from "../HttpError";
|
||||||
|
|
||||||
export default class CsrfProtectionComponent extends ApplicationComponent<void> {
|
export default class CsrfProtectionComponent extends ApplicationComponent<void> {
|
||||||
private static readonly routeExcluders: ((path: string) => boolean)[] = [];
|
private static readonly excluders: ((req: Request) => boolean)[] = [];
|
||||||
|
|
||||||
public static addRouteExcluder(excluder: (path: string) => boolean) {
|
public static addExcluder(excluder: (req: Request) => boolean) {
|
||||||
this.routeExcluders.push(excluder);
|
this.excluders.push(excluder);
|
||||||
}
|
}
|
||||||
|
|
||||||
public async handle(router: Router): Promise<void> {
|
public async handle(router: Router): Promise<void> {
|
||||||
router.use(async (req, res, next) => {
|
router.use(async (req, res, next) => {
|
||||||
for (const excluder of CsrfProtectionComponent.routeExcluders) {
|
for (const excluder of CsrfProtectionComponent.excluders) {
|
||||||
if (excluder(req.path)) return next();
|
if (excluder(req)) return next();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!req.session) {
|
if (!req.session) {
|
||||||
|
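Review bot: `addExcluder` now takes a predicate over the whole `Request`, but nothing documents what an excluder may base its decision on, and a `true` result at `if (excluder(req)) return next();` skips the CSRF check for that request entirely. A predicate that keys on something a cross-site page can set (query string, form body, cookie values) would switch the protection off for forged requests. I would put the contract on the method, e.g. `/** Excluders bypass CSRF validation for the matched request; exclude only requests that are not authenticated by the session cookie (such as token-authenticated API calls), and never decide on query, body or cookie values. */`, and give it an explicit `: void` return type. The list is static and append-only, so any module can register an excluder for the whole process; logging each bypassed request would keep that auditable. The `handle` middleware body continues past the end of the hunk, so how an excluded request is treated afterwards is not visible here.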