Add CSRF route excluders
This commit is contained in:
parent
5b80c3ac07
commit
6bdfc9b4b7
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "wms-core",
|
"name": "wms-core",
|
||||||
"version": "0.10.23",
|
"version": "0.10.24",
|
||||||
"description": "Node web framework",
|
"description": "Node web framework",
|
||||||
"repository": "git@gitlab.com:ArisuOngaku/wms-core.git",
|
"repository": "git@gitlab.com:ArisuOngaku/wms-core.git",
|
||||||
"author": "Alice Gaudon <alice@gaudon.pro>",
|
"author": "Alice Gaudon <alice@gaudon.pro>",
|
||||||
|
@ -4,8 +4,18 @@ import crypto from "crypto";
|
|||||||
import {BadRequestError} from "../HttpError";
|
import {BadRequestError} from "../HttpError";
|
||||||
|
|
||||||
export default class CsrfProtectionComponent extends ApplicationComponent<void> {
|
export default class CsrfProtectionComponent extends ApplicationComponent<void> {
|
||||||
|
private static readonly routeExcluders: ((path: string) => boolean)[] = [];
|
||||||
|
|
||||||
|
public static addRouteExcluder(excluder: (path: string) => boolean) {
|
||||||
|
this.routeExcluders.push(excluder);
|
||||||
|
}
|
||||||
|
|
||||||
public async start(app: Express, router: Router): Promise<void> {
|
public async start(app: Express, router: Router): Promise<void> {
|
||||||
router.use(async (req, res, next) => {
|
router.use(async (req, res, next) => {
|
||||||
|
for (const excluder of CsrfProtectionComponent.routeExcluders) {
|
||||||
|
if (excluder(req.path)) return next();
|
||||||
|
}
|
||||||
|
|
||||||
if (!req.session) {
|
if (!req.session) {
|
||||||
throw new Error('Session is unavailable.');
|
throw new Error('Session is unavailable.');
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user