You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32 lines
1.1 KiB
32 lines
1.1 KiB
import {FastifyReply, FastifyRequest} from "fastify";
|
|
import {RouteGenericInterface} from "fastify/types/route";
|
|
import cryptoRandomString from "crypto-random-string";
|
|
|
|
export interface XSRFRoute extends RouteGenericInterface {
|
|
Querystring: { [key in typeof XSRFParameter]: string | string[] | undefined }
|
|
}
|
|
|
|
export const XSRFCookie = "__Host-XSRF-Cookie";
|
|
export const XSRFParameter = "state" as const;
|
|
|
|
export function generateXSRFCookie(res: FastifyReply): string {
|
|
const newState = cryptoRandomString({
|
|
length: 32,
|
|
type: 'url-safe'
|
|
})
|
|
res.setCookie(XSRFCookie, newState, {
|
|
path: "/",
|
|
sameSite: "strict",
|
|
httpOnly: true,
|
|
signed: true,
|
|
secure: true,
|
|
})
|
|
return newState
|
|
}
|
|
|
|
export function checkAndClearXSRFCookie(req: FastifyRequest<XSRFRoute>, res: FastifyReply): boolean {
|
|
const queryState = req.query[XSRFParameter] ?? null
|
|
const cookieState = req.cookies[XSRFCookie] ?? null
|
|
res.clearCookie(XSRFCookie)
|
|
return cookieState !== null && queryState !== null && cookieState === queryState
|
|
} |