From 87aae6bb339ee37b159a4a992481b5b7eeb3d877 Mon Sep 17 00:00:00 2001
From: Alice Gaudon
Date: Wed, 23 Sep 2020 16:11:51 +0200
Subject: [PATCH] Fix some nunjucks globals not properly set and make getCSRFToken dynamic
---
 package.json | 2 +-
 src/components/CsrfProtectionComponent.ts | 12 ++++++++----
 src/components/NunjucksComponent.ts | 11 +++++++----
 src/components/WebSocketServerComponent.ts | 20 ++++++++++++--------
 4 files changed, 28 insertions(+), 17 deletions(-)
diff --git a/package.json b/package.json
index d76adc4..0bc618c 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "wms-core",
- "version": "0.22.0-rc.17",
+ "version": "0.22.0-rc.18",
 "description": "Node web application framework and toolbelt.",
 "repository": "https://gitlab.com/ArisuOngaku/wms-core",
 "author": "Alice Gaudon ",
diff --git a/src/components/CsrfProtectionComponent.ts b/src/components/CsrfProtectionComponent.ts
index f1f2592..bc6584d 100644
--- a/src/components/CsrfProtectionComponent.ts
+++ b/src/components/CsrfProtectionComponent.ts
@@ -6,6 +6,13 @@ import {BadRequestError} from "../HttpError";
 export default class CsrfProtectionComponent extends ApplicationComponent {
 private static readonly excluders: ((req: Request) => boolean)[] = [];
+ public static getCSRFToken(session: Express.Session): string {
+ if (typeof session.csrf !== 'string') {
+ session.csrf = crypto.randomBytes(64).toString('base64');
+ }
+ return session.csrf;
+ }
+
 public static addExcluder(excluder: (req: Request) => boolean) {
 this.excluders.push(excluder);
 }
@@ -21,10 +28,7 @@ export default class CsrfProtectionComponent extends ApplicationComponent
 }
 res.locals.getCSRFToken = () => {
- if (typeof req.session!.csrf !== 'string') {
- req.session!.csrf = crypto.randomBytes(64).toString('base64');
- }
- return req.session!.csrf;
+ return CsrfProtectionComponent.getCSRFToken(req.session!);
 };
 if (!['GET', 'HEAD', 'OPTIONS'].find(s => s === req.method)) {
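Review bot: The new public static `getCSRFToken` in the first CsrfProtectionComponent.ts hunk has no doc comment, although it writes to the session as a side effect and is now callable from outside the request middleware. I would add a TSDoc block stating that it returns the token stored in `session.csrf`, creating one from 64 random bytes when none is set, and that the value is a per-session secret that should not be logged. A caller that runs outside the normal request/response cycle may also have to persist the session itself after the first call; whether the session store does that automatically is not visible in this patch. The `typeof session.csrf !== 'string'` test also treats an empty string as an existing token, so `if (typeof session.csrf !== 'string' || session.csrf.length === 0) {` would be the stricter guard.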
diff --git a/src/components/NunjucksComponent.ts b/src/components/NunjucksComponent.ts
index e5da4c7..2e6930f 100644
--- a/src/components/NunjucksComponent.ts
+++ b/src/components/NunjucksComponent.ts
@@ -12,7 +12,7 @@ export default class NunjucksComponent extends ApplicationComponent {
 private readonly viewsPath: string;
 private env?: Environment;
- constructor(viewsPath: string = 'views') {
+ public constructor(viewsPath: string = 'views') {
 super();
 this.viewsPath = viewsPath;
 }
@@ -46,6 +46,8 @@ export default class NunjucksComponent extends ApplicationComponent {
 .addGlobal('app_version', this.app!.getVersion())
 .addGlobal('core_version', coreVersion)
 .addGlobal('querystring', querystring)
+ .addGlobal('app', config.get('app'))
+
 .addFilter('dump', (val) => {
 return util.inspect(val);
 })
@@ -63,10 +65,11 @@ export default class NunjucksComponent extends ApplicationComponent {
 res.locals.query = req.query;
 res.locals.body = req.body;
- res.locals.app = config.get('app');
- res.locals.websocketUrl = config.get('public_websocket_url');
-
 next();
 });
 }
+
+ public getEnv(): Environment | undefined {
+ return this.env;
+ }
 }
\ No newline at end of file
diff --git a/src/components/WebSocketServerComponent.ts b/src/components/WebSocketServerComponent.ts
index 84d907f..25eba6d 100644
--- a/src/components/WebSocketServerComponent.ts
+++ b/src/components/WebSocketServerComponent.ts
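Review bot: `.addGlobal('app', config.get('app'))` in the second NunjucksComponent.ts hunk passes the whole `app` config section to every template rendered through this environment, not only to request-scoped views as `res.locals.app` did. What that section holds is not visible here; if it can ever carry a secret or an internal address, a template would be able to print it. I would expose only the fields templates need, or at least add a comment such as `// 'app' is visible to all templates: keep secrets out of this config section`. The object is also read once when this chain runs and shared by reference across renders. The enclosing method starts and ends outside the hunk.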
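Review bot: `getEnv()` in the last NunjucksComponent.ts hunk is undocumented and hands out the live, mutable `Environment`, so any caller can add or replace globals and filters for all later renders. A doc comment should say that it returns `undefined` until the environment has been created (the assignment to `this.env` is outside the hunk) and that changes made through it affect every render using this environment, e.g. `/** Nunjucks environment, or undefined before it is initialised; globals added here reach every template. */`.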
@@ -9,19 +9,18 @@ import ExpressAppComponent from "./ExpressAppComponent";
 import Application from "../Application";
 import RedisComponent from "./RedisComponent";
 import WebSocketListener from "../WebSocketListener";
+import NunjucksComponent from "./NunjucksComponent";
 export default class WebSocketServerComponent extends ApplicationComponent {
- private readonly application: Application;
- private readonly expressAppComponent: ExpressAppComponent;
- private readonly storeComponent: RedisComponent;
-
 private wss?: WebSocket.Server;
- constructor(application: Application, expressAppComponent: ExpressAppComponent, storeComponent: RedisComponent) {
+ constructor(
+ private readonly application: Application,
+ private readonly expressAppComponent: ExpressAppComponent,
+ private readonly storeComponent: RedisComponent,
+ private readonly nunjucksComponent?: NunjucksComponent,
+ ) {
 super();
- this.expressAppComponent = expressAppComponent;
- this.application = application;
- this.storeComponent = storeComponent;
 }
 public async start(app: Express): Promise {
@@ -71,6 +70,11 @@ export default class WebSocketServerComponent extends ApplicationComponent
 });
 });
 });
+
+ const env = this.nunjucksComponent?.getEnv();
+ if (env) {
+ env.addGlobal('websocketUrl', config.get('public_websocket_url'));
+ }
 }
 public async stop(): Promise {
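Review bot: In the second WebSocketServerComponent.ts hunk the `websocketUrl` global is set only when `this.nunjucksComponent?.getEnv()` returns an environment, and the other case is skipped without any signal. Because the commit also drops `res.locals.websocketUrl` from NunjucksComponent and makes `nunjucksComponent` an optional constructor parameter in the first hunk, an application that does not pass it, or that runs this code before the nunjucks environment exists, renders templates with `websocketUrl` undefined. I would make the miss visible, for example with an `else` branch that throws or logs when `this.nunjucksComponent` was supplied but `getEnv()` returned `undefined`, and document the ordering requirement on the constructor parameter. The enclosing method begins outside the hunk.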