| 1 | "use strict";
|
| 2 | Object.defineProperty(exports, "__esModule", { value: true });
|
| 3 | const uuidv4 = require("uuid/v4");
|
| 4 | const generateToken = () => (process.env.APP_ENGINE_ENVIRONMENT ? uuidv4() : 'development');
|
| 5 | const defaultValidatorOptions = {
|
| 6 | sameSite: true,
|
| 7 | };
|
| 8 | exports.CsrfValidator = (req, res, next, options) => {
|
| 9 | options = Object.assign({}, defaultValidatorOptions, options);
|
| 10 | if (req.session && !req.session.csrf) {
|
| 11 | req.session.csrf = generateToken();
|
| 12 | res.cookie('csrf-token', req.session.csrf, {
|
| 13 | sameSite: options.sameSite,
|
| 14 | maxAge: 9999999999,
|
| 15 | });
|
| 16 | }
|
| 17 | if (req.method === 'GET' || req.method === 'OPTIONS' || req.method === 'HEAD') {
|
| 18 | return next();
|
| 19 | }
|
| 20 | if (req.headers && req.session) {
|
| 21 | const token = req.headers['x-csrf-token'];
|
| 22 | if (token && token === req.session.csrf) {
|
| 23 | return next();
|
| 24 | }
|
| 25 | }
|
| 26 | res.status(403).send({
|
| 27 | message: 'Invalid CSRF token',
|
| 28 | });
|
| 29 | };
|
| 30 | exports.CsrfValidatorWithOptions = (options) => {
|
| 31 | return (req, res, next) => {
|
| 32 | return exports.CsrfValidator(req, res, next, options);
|
| 33 | };
|
| 34 | };
|
| 35 | |
| \ | No newline at end of file |