Fix some nunjucks globals not properly set and make getCSRFToken dynamic

Alice Gaudon 2020-09-23 16:11:51 +02:00
parent 47e0756930
commit 87aae6bb33
4 changed files with 28 additions and 17 deletions


@ -1,6 +1,6 @@
{
"name": "wms-core",
"version": "0.22.0-rc.17",
"version": "0.22.0-rc.18",
"description": "Node web application framework and toolbelt.",
"repository": "https://gitlab.com/ArisuOngaku/wms-core",
"author": "Alice Gaudon <alice@gaudon.pro>",


@ -6,6 +6,13 @@ import {BadRequestError} from "../HttpError";
export default class CsrfProtectionComponent extends ApplicationComponent<void> {
private static readonly excluders: ((req: Request) => boolean)[] = [];
public static getCSRFToken(session: Express.Session): string {
if (typeof session.csrf !== 'string') {
session.csrf = crypto.randomBytes(64).toString('base64');
}
return session.csrf;
}
public static addExcluder(excluder: (req: Request) => boolean) {
this.excluders.push(excluder);
}
@ -21,10 +28,7 @@ export default class CsrfProtectionComponent extends ApplicationComponent<void>
}
res.locals.getCSRFToken = () => {
if (typeof req.session!.csrf !== 'string') {
req.session!.csrf = crypto.randomBytes(64).toString('base64');
}
return req.session!.csrf;
return CsrfProtectionComponent.getCSRFToken(req.session!);
};
if (!['GET', 'HEAD', 'OPTIONS'].find(s => s === req.method)) {
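Review bot: The new public static `getCSRFToken(session)` has no doc comment, and its side effect is easy to miss now that it can be called from outside the middleware: the first call on a session generates 64 random bytes and stores them in `session.csrf`. I would add `/** Returns the session's CSRF token, creating and storing it in session.csrf on first use. The value is a per-session secret: render it only into responses for that session and never log it. */` above the method. The middleware still passes `req.session!`, so the helper would throw on `session.csrf` if handed an undefined session. Whether a session check precedes this call cannot be seen here, because the handler body starts outside the hunk.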


@ -12,7 +12,7 @@ export default class NunjucksComponent extends ApplicationComponent<void> {
private readonly viewsPath: string;
private env?: Environment;
constructor(viewsPath: string = 'views') {
public constructor(viewsPath: string = 'views') {
super();
this.viewsPath = viewsPath;
}
@ -46,6 +46,8 @@ export default class NunjucksComponent extends ApplicationComponent<void> {
.addGlobal('app_version', this.app!.getVersion())
.addGlobal('core_version', coreVersion)
.addGlobal('querystring', querystring)
.addGlobal('app', config.get('app'))
.addFilter('dump', (val) => {
return util.inspect(val);
})
@ -63,10 +65,11 @@ export default class NunjucksComponent extends ApplicationComponent<void> {
res.locals.query = req.query;
res.locals.body = req.body;
res.locals.app = config.get('app');
res.locals.websocketUrl = config.get('public_websocket_url');
next();
});
}
public getEnv(): Environment | undefined {
return this.env;
}
}
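Review bot: `.addGlobal('app', config.get('app'))` hands the whole `app` config subtree to every template rendered through this environment, and the `dump` filter registered right after it prints whatever it is given via `util.inspect`. The contents of that subtree are not visible here, but if it holds or later gains anything sensitive, that value becomes reachable from any view. Consider registering an object built from only the keys the templates actually use, or at least put `// 'app' must contain only values that are safe to render publicly` next to the call so the constraint survives future config changes. The `addGlobal` chain this line belongs to starts outside the hunk.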


@ -9,19 +9,18 @@ import ExpressAppComponent from "./ExpressAppComponent";
import Application from "../Application";
import RedisComponent from "./RedisComponent";
import WebSocketListener from "../WebSocketListener";
import NunjucksComponent from "./NunjucksComponent";
export default class WebSocketServerComponent extends ApplicationComponent<void> {
private readonly application: Application;
private readonly expressAppComponent: ExpressAppComponent;
private readonly storeComponent: RedisComponent;
private wss?: WebSocket.Server;
constructor(application: Application, expressAppComponent: ExpressAppComponent, storeComponent: RedisComponent) {
constructor(
private readonly application: Application,
private readonly expressAppComponent: ExpressAppComponent,
private readonly storeComponent: RedisComponent,
private readonly nunjucksComponent?: NunjucksComponent,
) {
super();
this.expressAppComponent = expressAppComponent;
this.application = application;
this.storeComponent = storeComponent;
}
public async start(app: Express): Promise<void> {
@ -71,6 +70,11 @@ export default class WebSocketServerComponent extends ApplicationComponent<void>
});
});
});
const env = this.nunjucksComponent?.getEnv();
if (env) {
env.addGlobal('websocketUrl', config.get('public_websocket_url'));
}
}
public async stop(): Promise<void> {
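Review bot: The `if (env)` block at the end of `start()` skips registering `websocketUrl` without any signal when `nunjucksComponent` is omitted or `getEnv()` returns undefined, so templates would then render with that global undefined. `getEnv()` returns the optional `this.env`, so this appears to depend on the Nunjucks component being initialised before this component starts; that ordering is not enforced anywhere visible. I would document it on the new constructor parameter, e.g. `// nunjucksComponent must be initialised before start(); otherwise the websocketUrl global is not registered`, and report the skipped case through whatever logging the file already uses. Most of the body of `start()` lies outside the hunks shown.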