19 lines
517 B
TypeScript
19 lines
517 B
TypeScript
import { Injectable, NestMiddleware } from '@nestjs/common';
|
|
import { NextFunction, Request, Response } from 'express';
|
|
|
|
@Injectable()
|
|
export class ValidateCSRFMiddleware implements NestMiddleware {
|
|
use(req: Request, res: Response, next: NextFunction) {
|
|
// Multipart is handeled elsewhere
|
|
if (req.header('content-type')?.startsWith('multipart/form-data')) {
|
|
return next();
|
|
}
|
|
|
|
if (req.body._csrf !== req.session.csrf) {
|
|
return next(new Error('Invalid session'));
|
|
}
|
|
|
|
next();
|
|
}
|
|
}
|