Add CSRF route excluders
This commit is contained in:
parent
5b80c3ac07
commit
6bdfc9b4b7
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "wms-core",
|
||||
"version": "0.10.23",
|
||||
"version": "0.10.24",
|
||||
"description": "Node web framework",
|
||||
"repository": "git@gitlab.com:ArisuOngaku/wms-core.git",
|
||||
"author": "Alice Gaudon <alice@gaudon.pro>",
|
||||
|
@ -4,8 +4,18 @@ import crypto from "crypto";
|
||||
import {BadRequestError} from "../HttpError";
|
||||
|
||||
export default class CsrfProtectionComponent extends ApplicationComponent<void> {
|
||||
private static readonly routeExcluders: ((path: string) => boolean)[] = [];
|
||||
|
||||
public static addRouteExcluder(excluder: (path: string) => boolean) {
|
||||
this.routeExcluders.push(excluder);
|
||||
}
|
||||
|
||||
public async start(app: Express, router: Router): Promise<void> {
|
||||
router.use(async (req, res, next) => {
|
||||
for (const excluder of CsrfProtectionComponent.routeExcluders) {
|
||||
if (excluder(req.path)) return next();
|
||||
}
|
||||
|
||||
if (!req.session) {
|
||||
throw new Error('Session is unavailable.');
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user