@hyperspan/framework 0.4.2 → 0.4.3
- package/dist/server.js +33 -0
- package/package.json +1 -1
- package/src/server.ts +3 -0
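--- a/package/dist/server.js
+++ b/package/dist/server.js
@@ -1894,6 +1894,38 @@ var HTTPException = class extends Error {
 }
 };
 
+// ../../node_modules/hono/dist/middleware/csrf/index.js
+var isSafeMethodRe = /^(GET|HEAD)$/;
+var isRequestedByFormElementRe = /^\b(application\/x-www-form-urlencoded|multipart\/form-data|text\/plain)\b/i;
+var csrf = (options) => {
+const handler = ((optsOrigin) => {
+if (!optsOrigin) {
+return (origin, c) => origin === new URL(c.req.url).origin;
+} else if (typeof optsOrigin === "string") {
+return (origin) => origin === optsOrigin;
+} else if (typeof optsOrigin === "function") {
+return optsOrigin;
+} else {
+return (origin) => optsOrigin.includes(origin);
+}
+})(options?.origin);
+const isAllowedOrigin = (origin, c) => {
+if (origin === undefined) {
+return false;
+}
+return handler(origin, c);
+};
+return async function csrf2(c, next) {
+if (!isSafeMethodRe.test(c.req.method) && isRequestedByFormElementRe.test(c.req.header("content-type") || "text/plain") && !isAllowedOrigin(c.req.header("origin"), c)) {
+const res = new Response("Forbidden", {
+status: 403
+});
+throw new HTTPException(403, { res });
+}
+await next();
+};
+};
+
 // src/server.ts
 var IS_PROD = false;
 var CWD = process.cwd();
@@ -2193,6 +2225,7 @@ function createRouteFromModule(RouteModule) {
 async function createServer(config) {
 await Promise.all([buildClientJS(), buildClientCSS(), clientJSPlugin(config)]);
 const app = new Hono2;
+app.use(csrf());
 config.beforeRoutesAdded && config.beforeRoutesAdded(app);
 const [routes, actions] = await Promise.all([buildRoutes(config), buildActions(config)]);
 const fileRoutes = routes.concat(actions);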
package/package.json
CHANGED
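--- a/package/src/server.ts
+++ b/package/src/server.ts
@@ -7,6 +7,7 @@ import { isbot } from 'isbot';
 import { Hono, type Context } from 'hono';
 import { serveStatic } from 'hono/bun';
 import { HTTPException } from 'hono/http-exception';
+import { csrf } from 'hono/csrf';
 
 import type { HandlerResponse, MiddlewareHandler } from 'hono/types';
 import type { ContentfulStatusCode } from 'hono/utils/http-status';
@@ -509,6 +510,8 @@ export async function createServer(config: THSServerConfig): Promise<Hono> {
 
 const app = new Hono();
 
+app.use(csrf());
+
 // [Customization] Before routes added...
 config.beforeRoutesAdded && config.beforeRoutesAdded(app);
 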
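Review bot: `app.use(csrf())` at new line 513 is called with no options, so (per the bundled middleware shown in dist/server.js) the allowed origin is computed from `new URL(c.req.url).origin`, and a non-GET/HEAD form-typed request with no `Origin` header is rejected. Behind a TLS-terminating proxy or any front end that rewrites scheme or host, that computed value can differ from what the browser sends, so legitimate form POSTs would get 403; the call is hard-coded ahead of `config.beforeRoutesAdded`, so an application has no visible way to supply the expected origin. Consider passing the middleware's `origin` option from the server config, for example `app.use(csrf({ origin: config.csrfOrigin }))`, where `csrfOrigin` is a proposed new optional field and not one visible on this page. A comment such as `// CSRF: non-GET/HEAD requests with a form content type must carry an Origin matching the app origin` would also record that JSON bodies are not covered by this check. createServer's body continues outside the hunk.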