Gacha game centered around vore.
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
|
import {FastifyReply, FastifyRequest} from "fastify";
|
|
|
|
import {RouteGenericInterface} from "fastify/types/route";
|
|
|
|
import {randomBytes} from "crypto";
|
|
|
|
|
|
|
|
export interface XSRFRoute extends RouteGenericInterface {
|
|
|
|
Querystring: { [key in typeof XSRFParameter]: string | string[] | undefined }
|
|
|
|
}
|
|
|
|
|
|
|
|
export const XSRFCookie = "__Host-XSRF-Cookie";
|
|
|
|
export const XSRFParameter = "state" as const;
|
|
|
|
|
|
|
|
export async function generateXSRFCookie(res: FastifyReply): Promise<string> {
|
|
|
|
const newState = randomBytes(30).toString("base64url")
|
|
|
|
res.setCookie(XSRFCookie, newState, {
|
|
|
|
path: "/",
|
|
|
|
sameSite: "strict",
|
|
|
|
httpOnly: true,
|
|
|
|
signed: true,
|
|
|
|
secure: true,
|
|
|
|
})
|
|
|
|
return newState
|
|
|
|
}
|
|
|
|
|
|
|
|
export function checkAndClearXSRFCookie(req: FastifyRequest<XSRFRoute>, res: FastifyReply): boolean {
|
|
|
|
const queryState = req.query[XSRFParameter] ?? null
|
|
|
|
const cookieState = req.cookies[XSRFCookie] ?? null
|
|
|
|
res.clearCookie(XSRFCookie)
|
|
|
|
return cookieState !== null && queryState !== null && cookieState === queryState
|
|
|
|
}
|