From 6e05c990d1b98e3e26317a8f554aa640591e3bf7 Mon Sep 17 00:00:00 2001
From: Evert Prants
Date: Fri, 9 Sep 2022 18:28:54 +0300
Subject: [PATCH] some changes

---
 src/middleware/csrf.middleware.ts | 1 +
 src/modules/objects/privilege/privilege.entity.ts | 10 ++++++++++
 .../oauth2-router/oauth2-router.module.ts | 8 ++++++--
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/middleware/csrf.middleware.ts b/src/middleware/csrf.middleware.ts
index 0192791..274cc97 100644
--- a/src/middleware/csrf.middleware.ts
+++ b/src/middleware/csrf.middleware.ts
@@ -15,6 +15,7 @@ export class CSRFMiddleware implements NestMiddleware {
       res.cookie('XSRF', secretToken, {
         maxAge: 60 * 60 * 1000,
         secure: !DEV,
+        httpOnly: true,
         sameSite: 'strict',
       });
     }
diff --git a/src/modules/objects/privilege/privilege.entity.ts b/src/modules/objects/privilege/privilege.entity.ts
index 4a39b57..676588f 100644
--- a/src/modules/objects/privilege/privilege.entity.ts
+++ b/src/modules/objects/privilege/privilege.entity.ts
@@ -8,3 +8,13 @@ export class Privilege {
   @Column({ type: 'text', nullable: false })
   name: string;
 }
+
+/*
+  Initial entries:
+  admin
+  admin:user
+  admin:user:privilege
+  admin:document
+  admin:oauth2
+  self: oauth2
+*/
diff --git a/src/modules/static-front-end/oauth2-router/oauth2-router.module.ts b/src/modules/static-front-end/oauth2-router/oauth2-router.module.ts
index 326596e..7f33e76 100644
--- a/src/modules/static-front-end/oauth2-router/oauth2-router.module.ts
+++ b/src/modules/static-front-end/oauth2-router/oauth2-router.module.ts
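Review bot: Setting `httpOnly: true` on the `XSRF` cookie is only correct if the token reaches the client some other way, because a double-submit scheme in which front-end script reads the cookie and echoes it back in a header or form field can no longer read it. ValidateCSRFMiddleware is not in this diff, so I cannot see which side it compares; if it expects a client-echoed copy of the cookie value, the token must now be rendered into the page by the server (hidden form field or meta tag). If that is already how it works, a one-line comment above the option would save the next reader the same check: `// httpOnly: the token is rendered server-side, never read by client script`. The enclosing method starts and ends outside the hunk.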
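Review bot: The last entry in the added comment, `self: oauth2`, has a space after the colon while every other entry is written `scope:resource`; if this list is the reference for seeding the privilege table, the stray space would produce a name that never matches `self:oauth2`. Suggest `  self:oauth2`.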
@@ -16,10 +16,14 @@ export class OAuth2RouterModule implements NestModule { constructor(private _service: OAuth2Service) {} configure(consumer: MiddlewareConsumer) { - consumer.apply(CSRFMiddleware, UserMiddleware).forRoutes(OAuth2Controller); consumer.apply(this._service.oauth.express()).forRoutes('oauth2/*'); consumer - .apply(AuthMiddleware, ValidateCSRFMiddleware) + .apply( + CSRFMiddleware, + UserMiddleware, + AuthMiddleware, + ValidateCSRFMiddleware, + ) .forRoutes('oauth2/authorize'); } }
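Review bot: Removing `consumer.apply(CSRFMiddleware, UserMiddleware).forRoutes(OAuth2Controller)` narrows those two middlewares from every OAuth2Controller route to `oauth2/authorize` alone, so any other controller handler that depended on whatever UserMiddleware attaches to the request, or on the XSRF cookie being issued, now runs without them; confirm that is intended rather than a side effect of merging the two `apply` calls. The merged chain also runs CSRFMiddleware, which issues the token, directly before ValidateCSRFMiddleware, which checks it, on the same route: the first GET of the authorize page carries no token yet, so the validator presumably has to skip safe methods or the page could never load — that ordering constraint deserves a comment on the chain, e.g. `// order matters: issue the XSRF cookie before validating it; validation must ignore GET`. Unrelated to the change but visible in context, `private _service` uses an underscore prefix that the rest of the file's TypeScript conventions do not need with `private`.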