Fix some nunjucks globals not properly set and make getCSRFToken dynamic

Alice Gaudon 2020-09-23 16:11:51 +02:00
parent 47e0756930
commit 87aae6bb33
4 changed files with 28 additions and 17 deletions


@ -1,6 +1,6 @@
{ {
"name": "wms-core", "name": "wms-core",
"version": "0.22.0-rc.17", "version": "0.22.0-rc.18",
"description": "Node web application framework and toolbelt.", "description": "Node web application framework and toolbelt.",
"repository": "https://gitlab.com/ArisuOngaku/wms-core", "repository": "https://gitlab.com/ArisuOngaku/wms-core",
"author": "Alice Gaudon <alice@gaudon.pro>", "author": "Alice Gaudon <alice@gaudon.pro>",


@ -6,6 +6,13 @@ import {BadRequestError} from "../HttpError";
export default class CsrfProtectionComponent extends ApplicationComponent<void> { export default class CsrfProtectionComponent extends ApplicationComponent<void> {
private static readonly excluders: ((req: Request) => boolean)[] = []; private static readonly excluders: ((req: Request) => boolean)[] = [];
public static getCSRFToken(session: Express.Session): string {
if (typeof session.csrf !== 'string') {
session.csrf = crypto.randomBytes(64).toString('base64');
}
return session.csrf;
}
public static addExcluder(excluder: (req: Request) => boolean) { public static addExcluder(excluder: (req: Request) => boolean) {
this.excluders.push(excluder); this.excluders.push(excluder);
} }
@ -21,10 +28,7 @@ export default class CsrfProtectionComponent extends ApplicationComponent<void>
} }
res.locals.getCSRFToken = () => { res.locals.getCSRFToken = () => {
if (typeof req.session!.csrf !== 'string') { return CsrfProtectionComponent.getCSRFToken(req.session!);
req.session!.csrf = crypto.randomBytes(64).toString('base64');
}
return req.session!.csrf;
}; };
if (!['GET', 'HEAD', 'OPTIONS'].find(s => s === req.method)) { if (!['GET', 'HEAD', 'OPTIONS'].find(s => s === req.method)) {
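Review bot: The new public static `getCSRFToken(session)` has no doc comment saying that it writes to the session on first use. Now that it can be called from outside this middleware, a caller running outside the normal HTTP response cycle may receive a token that is never persisted, if the session store only saves when a response ends (worth confirming against the session setup). I would add a TSDoc block such as `/** Returns the session's CSRF token, generating and storing one in session.csrf if none exists; the caller must ensure the session is saved afterwards. */`. Separately, the `res.locals.getCSRFToken` closure still passes `req.session!`, so a missing session surfaces as an opaque TypeError during template rendering; a guard like `if (!req.session) throw new Error('Session is unavailable.');` before the assignment would fail earlier and more clearly. The middleware body continues outside the hunk, so the token comparison itself is not visible here.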


@ -12,7 +12,7 @@ export default class NunjucksComponent extends ApplicationComponent<void> {
private readonly viewsPath: string; private readonly viewsPath: string;
private env?: Environment; private env?: Environment;
constructor(viewsPath: string = 'views') { public constructor(viewsPath: string = 'views') {
super(); super();
this.viewsPath = viewsPath; this.viewsPath = viewsPath;
} }
@ -46,6 +46,8 @@ export default class NunjucksComponent extends ApplicationComponent<void> {
.addGlobal('app_version', this.app!.getVersion()) .addGlobal('app_version', this.app!.getVersion())
.addGlobal('core_version', coreVersion) .addGlobal('core_version', coreVersion)
.addGlobal('querystring', querystring) .addGlobal('querystring', querystring)
.addGlobal('app', config.get('app'))
.addFilter('dump', (val) => { .addFilter('dump', (val) => {
return util.inspect(val); return util.inspect(val);
}) })
@ -63,10 +65,11 @@ export default class NunjucksComponent extends ApplicationComponent<void> {
res.locals.query = req.query; res.locals.query = req.query;
res.locals.body = req.body; res.locals.body = req.body;
res.locals.app = config.get('app');
res.locals.websocketUrl = config.get('public_websocket_url');
next(); next();
}); });
} }
public getEnv(): Environment | undefined {
return this.env;
}
} }
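Review bot: `.addGlobal('app', config.get('app'))` exposes the entire `app` configuration subtree to every template rendered through this environment, and the `dump` filter next to it prints any value with `util.inspect`. The contents of that config key are not visible here, so if anything non-public is ever placed under `app` it becomes reachable from templates. I would either pass an explicit object holding only the fields templates need, or at least add a comment above the call: `// Everything under the 'app' config key is visible to all templates; keep secrets out of it.` The new `getEnv()` also deserves a one-line doc comment stating that it returns `undefined` until the environment has been created, since other components now depend on that timing.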


@ -9,19 +9,18 @@ import ExpressAppComponent from "./ExpressAppComponent";
import Application from "../Application"; import Application from "../Application";
import RedisComponent from "./RedisComponent"; import RedisComponent from "./RedisComponent";
import WebSocketListener from "../WebSocketListener"; import WebSocketListener from "../WebSocketListener";
import NunjucksComponent from "./NunjucksComponent";
export default class WebSocketServerComponent extends ApplicationComponent<void> { export default class WebSocketServerComponent extends ApplicationComponent<void> {
private readonly application: Application;
private readonly expressAppComponent: ExpressAppComponent;
private readonly storeComponent: RedisComponent;
private wss?: WebSocket.Server; private wss?: WebSocket.Server;
constructor(application: Application, expressAppComponent: ExpressAppComponent, storeComponent: RedisComponent) { constructor(
private readonly application: Application,
private readonly expressAppComponent: ExpressAppComponent,
private readonly storeComponent: RedisComponent,
private readonly nunjucksComponent?: NunjucksComponent,
) {
super(); super();
this.expressAppComponent = expressAppComponent;
this.application = application;
this.storeComponent = storeComponent;
} }
public async start(app: Express): Promise<void> { public async start(app: Express): Promise<void> {
@ -71,6 +70,11 @@ export default class WebSocketServerComponent extends ApplicationComponent<void>
}); });
}); });
}); });
const env = this.nunjucksComponent?.getEnv();
if (env) {
env.addGlobal('websocketUrl', config.get('public_websocket_url'));
}
} }
public async stop(): Promise<void> { public async stop(): Promise<void> {
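Review bot: When `nunjucksComponent` is supplied but `getEnv()` still returns `undefined`, the `if (env)` block at the end of `start` silently skips registering `websocketUrl`. Because this commit also removes `res.locals.websocketUrl` from NunjucksComponent, templates would then render with the value missing and nothing would point at the cause. Whether that can happen depends on component start order, which is not visible in this hunk. I would make the case explicit, for example `if (this.nunjucksComponent && !env) throw new Error('NunjucksComponent must be started before WebSocketServerComponent.');`, or log a warning if a hard failure is too strict. The middle of `start` lies outside the visible hunks.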