some changes

2022-09-09 18:28:54 +03:00 · 2022-09-09 18:28:54 +03:00 · 6e05c990d1
commit 6e05c990d1
parent 3b3fa2a7de
3 changed files with 17 additions and 2 deletions
--- a/src/middleware/csrf.middleware.ts
+++ b/src/middleware/csrf.middleware.ts
@ -15,6 +15,7 @@ export class CSRFMiddleware implements NestMiddleware {
      res.cookie('XSRF', secretToken, {
        maxAge: 60 * 60 * 1000,
        secure: !DEV,
+        httpOnly: true,
        sameSite: 'strict',
      });
    }
--- a/src/modules/objects/privilege/privilege.entity.ts
+++ b/src/modules/objects/privilege/privilege.entity.ts
@ -8,3 +8,13 @@ export class Privilege {
  @Column({ type: 'text', nullable: false })
  name: string;
 }
+
+/*
+  Initial entries:
+    admin
+    admin:user
+    admin:user:privilege
+    admin:document
+    admin:oauth2
+    self: oauth2
+*/
--- a/src/modules/static-front-end/oauth2-router/oauth2-router.module.ts
+++ b/src/modules/static-front-end/oauth2-router/oauth2-router.module.ts
@ -16,10 +16,14 @@ export class OAuth2RouterModule implements NestModule {
  constructor(private _service: OAuth2Service) {}

  configure(consumer: MiddlewareConsumer) {
-    consumer.apply(CSRFMiddleware, UserMiddleware).forRoutes(OAuth2Controller);
    consumer.apply(this._service.oauth.express()).forRoutes('oauth2/*');
    consumer
-      .apply(AuthMiddleware, ValidateCSRFMiddleware)
+      .apply(
+        CSRFMiddleware,
+        UserMiddleware,
+        AuthMiddleware,
+        ValidateCSRFMiddleware,
+      )
      .forRoutes('oauth2/authorize');
  }
 }