Add CSRF route excluders

This commit is contained in:
Alice Gaudon 2020-07-08 13:28:22 +02:00
parent 5b80c3ac07
commit 6bdfc9b4b7
2 changed files with 11 additions and 1 deletions

View File

@ -1,6 +1,6 @@
{
"name": "wms-core",
"version": "0.10.23",
"version": "0.10.24",
"description": "Node web framework",
"repository": "git@gitlab.com:ArisuOngaku/wms-core.git",
"author": "Alice Gaudon <alice@gaudon.pro>",

View File

@ -4,8 +4,18 @@ import crypto from "crypto";
import {BadRequestError} from "../HttpError";
export default class CsrfProtectionComponent extends ApplicationComponent<void> {
private static readonly routeExcluders: ((path: string) => boolean)[] = [];
public static addRouteExcluder(excluder: (path: string) => boolean) {
this.routeExcluders.push(excluder);
}
public async start(app: Express, router: Router): Promise<void> {
router.use(async (req, res, next) => {
for (const excluder of CsrfProtectionComponent.routeExcluders) {
if (excluder(req.path)) return next();
}
if (!req.session) {
throw new Error('Session is unavailable.');
}