2022-03-09 18:37:04 +00:00
|
|
|
import { Injectable, NestMiddleware } from '@nestjs/common';
|
|
|
|
|
import { NextFunction, Request, Response } from 'express';
|
|
|
|
|
import { TokenService } from 'src/modules/utility/services/token.service';
|
|
|
|
|
|
2022-08-17 18:56:47 +00:00
|
|
|
const DEV = process.env.NODE_ENV !== 'production';
|
|
|
|
|
|
2022-03-09 18:37:04 +00:00
|
|
|
@Injectable()
|
|
|
|
|
export class CSRFMiddleware implements NestMiddleware {
|
|
|
|
|
constructor(private readonly tokenService: TokenService) {}
|
|
|
|
|
|
|
|
|
|
use(req: Request, res: Response, next: NextFunction) {
|
2022-08-17 18:56:47 +00:00
|
|
|
let secretToken = req.cookies.XSRF;
|
|
|
|
|
if (!secretToken) {
|
|
|
|
|
secretToken = this.tokenService.csrf.secretSync();
|
|
|
|
|
res.cookie('XSRF', secretToken, {
|
|
|
|
|
maxAge: 60 * 60 * 1000,
|
|
|
|
|
secure: !DEV,
|
2022-09-09 15:28:54 +00:00
|
|
|
httpOnly: true,
|
2022-08-17 18:56:47 +00:00
|
|
|
sameSite: 'strict',
|
|
|
|
|
});
|
2022-03-09 18:37:04 +00:00
|
|
|
}
|
2022-03-20 15:06:04 +00:00
|
|
|
|
2022-08-17 18:56:47 +00:00
|
|
|
req.csrfToken = () => this.tokenService.csrf.create(secretToken);
|
2022-03-20 15:06:04 +00:00
|
|
|
|
2022-03-09 18:37:04 +00:00
|
|
|
next();
|
|
|
|
|
}
|
|
|
|
|
}
|
