From 6bdfc9b4b7d95592b21b8b0c44f4572daeea563e Mon Sep 17 00:00:00 2001
From: Alice Gaudon
Date: Wed, 8 Jul 2020 13:28:22 +0200
Subject: [PATCH] Add CSRF route excluders
---
 package.json | 2 +-
 src/components/CsrfProtectionComponent.ts | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 069e0e7..86b9169 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "wms-core",
- "version": "0.10.23",
+ "version": "0.10.24",
 "description": "Node web framework",
 "repository": "git@gitlab.com:ArisuOngaku/wms-core.git",
 "author": "Alice Gaudon ",
diff --git a/src/components/CsrfProtectionComponent.ts b/src/components/CsrfProtectionComponent.ts
index 780d299..5650a57 100644
--- a/src/components/CsrfProtectionComponent.ts
+++ b/src/components/CsrfProtectionComponent.ts
@@ -4,8 +4,18 @@ import crypto from "crypto";
 import {BadRequestError} from "../HttpError";
 export default class CsrfProtectionComponent extends ApplicationComponent {
+ private static readonly routeExcluders: ((path: string) => boolean)[] = [];
+
+ public static addRouteExcluder(excluder: (path: string) => boolean) {
+ this.routeExcluders.push(excluder);
+ }
+
 public async start(app: Express, router: Router): Promise {
 router.use(async (req, res, next) => {
+ for (const excluder of CsrfProtectionComponent.routeExcluders) {
+ if (excluder(req.path)) return next();
+ }
+
 if (!req.session) {
 throw new Error('Session is unavailable.');
 }
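Review bot: `addRouteExcluder` is a public static hook that switches off CSRF validation for every request whose `req.path` satisfies a registered predicate, yet it carries no doc comment stating that contract, and because `routeExcluders` is static the registry is process-wide, so any module can widen the exemption for every application that uses this component. The predicate called in the `router.use` callback receives the raw `req.path`, which is relative to the router's mount point and is not case- or trailing-slash-normalised the way Express route matching is by default, so a loose test such as a `startsWith` prefix check can exempt more routes than the author intended. I would add a TSDoc comment along the lines of `/** Registers a predicate on req.path; a true result skips CSRF validation for that request, so match exact paths and exempt only routes that authenticate by other means. */` and give the method an explicit `: void` return type. The middleware body continues outside the hunk, so whether the early `return next()` also skips token setup that later requests rely on cannot be confirmed from here.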