1 | "use strict";
|
2 | Object.defineProperty(exports, "__esModule", { value: true });
|
const crypto = require("crypto");
const uuidv4 = require("uuid/v4");
|
/**
 * Produce the CSRF token that is stored in a freshly created session.
 *
 * When the APP_ENGINE_ENVIRONMENT environment variable is set, a version 4
 * UUID is returned. Otherwise the fixed string 'development' is returned.
 *
 * @returns {string} The token value.
 */
const generateToken = () => {
  if (process.env.APP_ENGINE_ENVIRONMENT) {
    return uuidv4();
  }
  // NOTE(review): this branch fails open. Any deployment that does not set
  // APP_ENGINE_ENVIRONMENT gives every session the same publicly known token,
  // so the header check in the validator no longer distinguishes same-origin
  // requests from forged ones. Confirm the variable is set in every
  // non-development environment, or gate the fixed value on an explicit
  // development flag instead of on the absence of a production one.
  return 'development';
};
|
// Defaults merged underneath caller-supplied options in CsrfValidator.
// `sameSite` is forwarded unchanged to res.cookie() for the 'csrf-token' cookie.
const defaultValidatorOptions = { sameSite: true };
|
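/**
 * CSRF middleware: issues a per-session token and requires it to be echoed
 * back in the `x-csrf-token` request header on every request whose method is
 * not GET, OPTIONS or HEAD.
 *
 * The token lives in `req.session.csrf` and is also written to a
 * 'csrf-token' cookie, which is only sent at the moment the session token is
 * first created. A request with no session, or with a missing or mismatching
 * header on a checked method, is answered with HTTP 403.
 *
 * @param {object} req - Request; reads `session`, `method` and `headers`.
 * @param {object} res - Response; uses `cookie()`, `status()` and `send()`.
 * @param {Function} next - Called when the request is allowed through.
 * @param {object} [options] - Overrides for the cookie attributes.
 * @param {boolean|string} [options.sameSite=true] - Passed to res.cookie().
 * @param {boolean} [options.secure] - Passed to res.cookie(); when omitted
 *   the cookie is set without the Secure attribute, as before.
 * @returns {*} Whatever `next()` returns on success, otherwise undefined.
 */
exports.CsrfValidator = (req, res, next, options) => {
  // Merge into a fresh object so the caller's options are never mutated.
  const settings = Object.assign({}, defaultValidatorOptions, options);

  if (req.session && !req.session.csrf) {
    req.session.csrf = generateToken();
    // The cookie is not httpOnly, presumably so client script can read the
    // value and copy it into the x-csrf-token header. TODO confirm.
    // NOTE(review): pass `secure: true` wherever the site is served over
    // HTTPS so the token is never sent on a plaintext connection.
    res.cookie('csrf-token', req.session.csrf, {
      sameSite: settings.sameSite,
      secure: settings.secure,
      // Roughly 115 days if res.cookie() takes milliseconds (Express does).
      maxAge: 9999999999,
    });
  }

  // These methods bypass the check entirely, so the protection only holds if
  // GET/HEAD/OPTIONS handlers in the application never change state.
  const isUncheckedMethod =
    req.method === 'GET' || req.method === 'OPTIONS' || req.method === 'HEAD';
  if (isUncheckedMethod) {
    return next();
  }

  if (req.headers && req.session) {
    const presented = req.headers['x-csrf-token'];
    const expected = req.session.csrf;
    // An empty header must never match, and timingSafeEqual() throws on
    // buffers of different length, so both are ruled out before comparing.
    if (typeof presented === 'string' && presented.length > 0 && typeof expected === 'string') {
      const presentedBytes = Buffer.from(presented);
      const expectedBytes = Buffer.from(expected);
      // Constant-time comparison: the time taken does not reveal how many
      // leading characters of the presented token were correct.
      if (
        presentedBytes.length === expectedBytes.length &&
        crypto.timingSafeEqual(presentedBytes, expectedBytes)
      ) {
        return next();
      }
    }
  }

  // Fail closed: no session, no header, or a mismatch all end here.
  res.status(403).send({
    message: 'Invalid CSRF token',
  });
};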
|
/**
 * Build a standard three-argument middleware with the given options bound.
 *
 * @param {object} [options] - Options forwarded to CsrfValidator on each call.
 * @returns {Function} A `(req, res, next)` middleware that delegates to
 *   `exports.CsrfValidator`, looked up at call time.
 */
exports.CsrfValidatorWithOptions = (options) =>
  (req, res, next) => exports.CsrfValidator(req, res, next, options);
|
35 |
|