import { Injectable, NestMiddleware } from '@nestjs/common';
import { NextFunction, Request, Response } from 'express';
import { TokenService } from 'src/modules/utility/services/token.service';
/**
 * Middleware that gates state-changing requests on a valid CSRF token.
 *
 * Requests are passed through without a token check when either:
 *  - the HTTP method is GET, HEAD or OPTIONS, or
 *  - the Content-Type header starts with `multipart/form-data`.
 *
 * Every other request must satisfy `TokenService.verifyCSRF(req)`; when it
 * does not, the chain is continued with `Error('Invalid session')`.
 */
@Injectable()
export class ValidateCSRFMiddleware implements NestMiddleware {
  constructor(private readonly tokenService: TokenService) {}

  /**
   * @param req  Incoming request; its method, Content-Type header and
   *             (through `verifyCSRF`) its CSRF token are inspected.
   * @param res  Unused here.
   * @param next Called with no argument to continue, or with an `Error`
   *             when the CSRF check fails.
   */
  use(req: Request, res: Response, next: NextFunction) {
    // These methods are exempt from CSRF validation.
    const isExemptMethod = ['GET', 'HEAD', 'OPTIONS'].includes(req.method);
    if (isExemptMethod) {
      return next();
    }

    // Multipart requests are not checked here; per the original author they
    // are handled elsewhere.
    // NOTE(review): this exemption is keyed on a client-supplied header.
    // Confirm that the multipart path enforces the CSRF token for every
    // state-changing route, not only for upload routes, so that declaring a
    // multipart Content-Type cannot skip the check on other endpoints.
    // The prefix match is case-sensitive, so a differently-cased media type
    // falls through to the token check below.
    const contentType = req.header('content-type');
    const isMultipart = contentType?.startsWith('multipart/form-data');
    if (isMultipart) {
      return next();
    }

    if (this.tokenService.verifyCSRF(req)) {
      next();
      return;
    }

    // NOTE(review): a plain Error is forwarded rather than an HTTP exception;
    // this likely surfaces as a 500 instead of a 403 - confirm the intended
    // status and that the rejection is logged for detection.
    return next(new Error('Invalid session'));
  }
}