4 | 'use strict';
|
5 |
|
const {timingSafeEqual} = require('crypto');
const Base = require('./ActionFilter');
|
7 |
|
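/**
 * Action filter that rejects POST requests whose CSRF token does not match
 * the token issued by the controller.
 *
 * Config keys are merged into the filter instance by the base class;
 * `csrfParam` (default 'csrf') names the POST parameter carrying the token.
 */
module.exports = class CsrfFilter extends Base {

    constructor (config) {
        super({
            csrfParam: 'csrf', // POST parameter holding the token; overridable via config
            ...config
        });
    }

    /**
     * Runs only for POST requests, when CSRF checking is switched on
     * (`action.user.auth.csrf` — presumably the auth component's enable
     * flag; confirm against the auth module) and when the base
     * ActionFilter considers itself active.
     */
    isActive (action) {
        return action.user.auth.csrf && action.isPost() && super.isActive(action);
    }

    /**
     * Rejects the request unless the submitted token matches the expected one.
     * @throws {BadRequest} when the token is absent, malformed or does not match
     */
    beforeAction (action) {
        const submitted = action.getPostParam(this.csrfParam);
        const expected = action.controller.getCsrfToken();
        if (!this.isValidToken(submitted, expected)) {
            throw new BadRequest('Invalid CSRF token');
        }
    }

    /**
     * Constant-time comparison of the submitted token against the expected one.
     *
     * Both values must be non-empty strings. A plain `!==` would accept the
     * case where no token has been issued (`getCsrfToken()` returning
     * undefined) and the client simply omits the parameter, because
     * `undefined !== undefined` is false. Non-string values (e.g. an array
     * produced by a repeated parameter) are rejected outright. Lengths are
     * compared first because timingSafeEqual requires equal-sized buffers;
     * this reveals only the expected token's length, not its content.
     *
     * @param {unknown} submitted value taken from the request
     * @param {unknown} expected token the controller issued for this session
     * @returns {boolean} true only when both are non-empty strings and equal
     */
    isValidToken (submitted, expected) {
        if (typeof submitted !== 'string' || typeof expected !== 'string' || expected === '') {
            return false;
        }
        const actual = Buffer.from(submitted);
        const wanted = Buffer.from(expected);
        return actual.length === wanted.length && timingSafeEqual(actual, wanted);
    }
};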
|
27 |
|
28 | const BadRequest = require('../error/BadRequestHttpException'); |