CSRFProtectionComponent: give more room for excluding requests

This commit is contained in:
Alice Gaudon 2020-08-28 16:52:43 +02:00
parent 1aeb4e098d
commit 25b1e71784

View File

@ -1,19 +1,19 @@
import ApplicationComponent from "../ApplicationComponent";
import {Router} from "express";
import {Request, Router} from "express";
import crypto from "crypto";
import {BadRequestError} from "../HttpError";
export default class CsrfProtectionComponent extends ApplicationComponent<void> {
private static readonly routeExcluders: ((path: string) => boolean)[] = [];
private static readonly excluders: ((req: Request) => boolean)[] = [];
public static addRouteExcluder(excluder: (path: string) => boolean) {
this.routeExcluders.push(excluder);
public static addExcluder(excluder: (req: Request) => boolean) {
this.excluders.push(excluder);
}
public async handle(router: Router): Promise<void> {
router.use(async (req, res, next) => {
for (const excluder of CsrfProtectionComponent.routeExcluders) {
if (excluder(req.path)) return next();
for (const excluder of CsrfProtectionComponent.excluders) {
if (excluder(req)) return next();
}
if (!req.session) {