UNPKG

areto/filter/CsrfFilter.js

Version:

696 BJavaScriptView Raw

1/**
2 * @copyright Copyright (c) 2019 Maxim Khorin <maksimovichu@gmail.com>
3 */
4'use strict';
5
6const Base = require('./ActionFilter');
7
8module.exports = class CsrfFilter extends Base {
9
10    constructor (config) {
11        super({
12            csrfParam: 'csrf',
13            ...config
14        });
15    }
16
17    isActive (action) {
18        return action.user.auth.csrf && action.isPost() && super.isActive(action);
19    }
20
21    beforeAction (action) {
22        if (action.getPostParam(this.csrfParam) !== action.controller.getCsrfToken()) {
23            throw new BadRequest('Invalid CSRF token');
24        }
25    }
26};
27
28const BadRequest = require('../error/BadRequestHttpException');
\No newline at end of file

1	`/**`
2	`* @copyright Copyright (c) 2019 Maxim Khorin <maksimovichu@gmail.com>`
3	`*/`
4	`'use strict';`
5
6	`const Base = require('./ActionFilter');`
7
8	`module.exports = class CsrfFilter extends Base {`
9
10	`constructor (config) {`
11	`super({`
12	`csrfParam: 'csrf',`
13	`...config`
14	`});`
15	`}`
16
17	`isActive (action) {`
18	`return action.user.auth.csrf && action.isPost() && super.isActive(action);`
19	`}`
20
21	`beforeAction (action) {`
22	`if (action.getPostParam(this.csrfParam) !== action.controller.getCsrfToken()) {`
23	`throw new BadRequest('Invalid CSRF token');`
24	`}`
25	`}`
26	`};`
27
28	`const BadRequest = require('../error/BadRequestHttpException');`
\	No newline at end of file