@blocklet/sdk 1.17.3-beta-20251119-034511-f26047c0 → 1.17.3-beta-20251120-052956-035abea6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/middlewares/csrf.d.ts +1 -1
- package/lib/middlewares/csrf.js +1 -20
- package/package.json +9 -9
|
@@ -16,7 +16,7 @@ export interface CSRFOptions {
|
|
|
16
16
|
* @note: 我们需要意识到 1. csrf token 不会被攻击者从 cookie 中得到 2. csrf token 的校验是需要当前用户的 login token 的,3. csrf token 不应该有过期时间
|
|
17
17
|
* @returns
|
|
18
18
|
*/
|
|
19
|
-
declare function defaultGenerateToken(req: Request
|
|
19
|
+
declare function defaultGenerateToken(req: Request): void;
|
|
20
20
|
declare function defaultVerifyToken(req: Request): void;
|
|
21
21
|
export declare function csrf(options?: CSRFOptions): RequestHandler;
|
|
22
22
|
export {};
|
package/lib/middlewares/csrf.js
CHANGED
|
@@ -6,12 +6,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.csrf = csrf;
|
|
7
7
|
const isEmpty_1 = __importDefault(require("lodash/isEmpty"));
|
|
8
8
|
const joi_1 = __importDefault(require("joi"));
|
|
9
|
-
const debug_1 = __importDefault(require("debug"));
|
|
10
9
|
const jwt_decode_1 = __importDefault(require("jwt-decode"));
|
|
11
10
|
const csrf_1 = require("../util/csrf");
|
|
12
11
|
const wallet_1 = require("../util/wallet");
|
|
13
12
|
const config_1 = __importDefault(require("../config"));
|
|
14
|
-
const debug = (0, debug_1.default)('@blocklet/sdk:middleware:csrf');
|
|
15
13
|
function printCookieParserNotInstalledWarning() {
|
|
16
14
|
config_1.default.logger.warn('cookie-parser middleware is required for the csrf middleware to work properly.');
|
|
17
15
|
}
|
|
@@ -23,26 +21,9 @@ function printCookieParserNotInstalledWarning() {
|
|
|
23
21
|
* @note: 我们需要意识到 1. csrf token 不会被攻击者从 cookie 中得到 2. csrf token 的校验是需要当前用户的 login token 的,3. csrf token 不应该有过期时间
|
|
24
22
|
* @returns
|
|
25
23
|
*/
|
|
26
|
-
function defaultGenerateToken(req
|
|
24
|
+
function defaultGenerateToken(req) {
|
|
27
25
|
if (!req.cookies) {
|
|
28
26
|
printCookieParserNotInstalledWarning();
|
|
29
|
-
return;
|
|
30
|
-
}
|
|
31
|
-
if (req.cookies.login_token) {
|
|
32
|
-
const newCsrfToken = (0, csrf_1.sign)((0, csrf_1.getCsrfSecret)(), req.cookies.login_token);
|
|
33
|
-
const oldCsrfToken = req.cookies['x-csrf-token'];
|
|
34
|
-
if (newCsrfToken !== oldCsrfToken) {
|
|
35
|
-
debug('defaultGenerateToken.createCsrfToken', {
|
|
36
|
-
newCsrfToken,
|
|
37
|
-
oldCsrfToken,
|
|
38
|
-
loginTokenPart: req.cookies.login_token.slice(-32),
|
|
39
|
-
loginTokenDecoded: (0, jwt_decode_1.default)(req.cookies.login_token),
|
|
40
|
-
});
|
|
41
|
-
res.cookie('x-csrf-token', newCsrfToken, {
|
|
42
|
-
sameSite: 'strict',
|
|
43
|
-
secure: true,
|
|
44
|
-
});
|
|
45
|
-
}
|
|
46
27
|
}
|
|
47
28
|
}
|
|
48
29
|
function defaultVerifyToken(req) {
|
package/package.json
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
"publishConfig": {
|
|
4
4
|
"access": "public"
|
|
5
5
|
},
|
|
6
|
-
"version": "1.17.3-beta-
|
|
6
|
+
"version": "1.17.3-beta-20251120-052956-035abea6",
|
|
7
7
|
"description": "graphql client to read/write data on abt node",
|
|
8
8
|
"homepage": "https://www.arcblock.io/docs/blocklet-sdk-nodejs",
|
|
9
9
|
"main": "lib/index.js",
|
|
@@ -26,19 +26,19 @@
|
|
|
26
26
|
"author": "linchen1987 <linchen.1987@foxmail.com> (http://github.com/linchen1987)",
|
|
27
27
|
"license": "Apache-2.0",
|
|
28
28
|
"dependencies": {
|
|
29
|
-
"@abtnode/constant": "1.17.3-beta-
|
|
30
|
-
"@abtnode/db-cache": "1.17.3-beta-
|
|
31
|
-
"@abtnode/util": "1.17.3-beta-
|
|
29
|
+
"@abtnode/constant": "1.17.3-beta-20251120-052956-035abea6",
|
|
30
|
+
"@abtnode/db-cache": "1.17.3-beta-20251120-052956-035abea6",
|
|
31
|
+
"@abtnode/util": "1.17.3-beta-20251120-052956-035abea6",
|
|
32
32
|
"@arcblock/did": "^1.27.7",
|
|
33
33
|
"@arcblock/did-connect-js": "^1.27.7",
|
|
34
34
|
"@arcblock/did-ext": "^1.27.7",
|
|
35
35
|
"@arcblock/jwt": "^1.27.7",
|
|
36
36
|
"@arcblock/ws": "^1.27.7",
|
|
37
|
-
"@blocklet/constant": "1.17.3-beta-
|
|
38
|
-
"@blocklet/env": "1.17.3-beta-
|
|
37
|
+
"@blocklet/constant": "1.17.3-beta-20251120-052956-035abea6",
|
|
38
|
+
"@blocklet/env": "1.17.3-beta-20251120-052956-035abea6",
|
|
39
39
|
"@blocklet/error": "^0.3.3",
|
|
40
|
-
"@blocklet/meta": "1.17.3-beta-
|
|
41
|
-
"@blocklet/server-js": "1.17.3-beta-
|
|
40
|
+
"@blocklet/meta": "1.17.3-beta-20251120-052956-035abea6",
|
|
41
|
+
"@blocklet/server-js": "1.17.3-beta-20251120-052956-035abea6",
|
|
42
42
|
"@blocklet/theme": "^3.2.6",
|
|
43
43
|
"@did-connect/authenticator": "^2.2.8",
|
|
44
44
|
"@did-connect/handler": "^2.2.8",
|
|
@@ -82,5 +82,5 @@
|
|
|
82
82
|
"ts-node": "^10.9.1",
|
|
83
83
|
"typescript": "^5.6.3"
|
|
84
84
|
},
|
|
85
|
-
"gitHead": "
|
|
85
|
+
"gitHead": "fe41f1c21bb8e3efcf42623e9b0d24c77563862a"
|
|
86
86
|
}
|