import { Injectable, NestMiddleware } from '@nestjs/common';
import { NextFunction, Request, Response } from 'express';
import { TokenService } from 'src/modules/utility/services/token.service';
/**
 * Nest middleware that makes sure the current session carries a CSRF token.
 *
 * This class only issues the token. Nothing here compares the stored value
 * with anything the client sends back, so the protection depends on a check
 * that lives elsewhere.
 * NOTE(review): confirm that state-changing routes verify the submitted token
 * against `req.session.csrf`, ideally with a constant-time comparison.
 */
@Injectable()
export class CSRFMiddleware implements NestMiddleware {
  constructor(private readonly tokenService: TokenService) {}

  /**
   * Stores a freshly generated token in `req.session.csrf` when the session
   * has none yet, then hands control to the next handler.
   *
   * An existing token is left untouched, so the value is not rotated by this
   * middleware for as long as the session keeps it.
   *
   * @param req  Incoming request; its `session` object is read and may be written.
   * @param res  Response object; not used here.
   * @param next Continuation, called once in both branches.
   */
  use(req: Request, res: Response, next: NextFunction) {
    const session = req.session;

    // TODO: do not store in session, keep the amount of pointless sessions down
    // NOTE(review): writing to the session on a visitor's first request
    // presumably causes a session to be persisted for every client, including
    // unauthenticated ones - confirm against the session store configuration.
    if (session.csrf) {
      // A token was issued earlier in this session; reuse it as is.
      next();
      return;
    }

    // NOTE(review): generateString() is opaque from here. Confirm that it
    // draws from a cryptographically secure source and that 64 is the token
    // length, since a predictable token would defeat the CSRF check.
    session.csrf = this.tokenService.generateString(64);
    next();
  }
}