CSRFProtectionComponent: give more room for excluding requests
This commit is contained in:
parent
1aeb4e098d
commit
25b1e71784
@ -1,19 +1,19 @@
|
||||
import ApplicationComponent from "../ApplicationComponent";
|
||||
import {Router} from "express";
|
||||
import {Request, Router} from "express";
|
||||
import crypto from "crypto";
|
||||
import {BadRequestError} from "../HttpError";
|
||||
|
||||
export default class CsrfProtectionComponent extends ApplicationComponent<void> {
|
||||
private static readonly routeExcluders: ((path: string) => boolean)[] = [];
|
||||
private static readonly excluders: ((req: Request) => boolean)[] = [];
|
||||
|
||||
public static addRouteExcluder(excluder: (path: string) => boolean) {
|
||||
this.routeExcluders.push(excluder);
|
||||
public static addExcluder(excluder: (req: Request) => boolean) {
|
||||
this.excluders.push(excluder);
|
||||
}
|
||||
|
||||
public async handle(router: Router): Promise<void> {
|
||||
router.use(async (req, res, next) => {
|
||||
for (const excluder of CsrfProtectionComponent.routeExcluders) {
|
||||
if (excluder(req.path)) return next();
|
||||
for (const excluder of CsrfProtectionComponent.excluders) {
|
||||
if (excluder(req)) return next();
|
||||
}
|
||||
|
||||
if (!req.session) {
|
||||
|
Loading…
Reference in New Issue
Block a user