@nauth-toolkit/core 0.1.60 → 0.1.61
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csrf.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,WAAW,EAAiC,WAAW,EAAE,MAAM,UAAU,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAKrE;;;;GAIG;AACH,qBAAa,WAAW;IAEpB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAFP,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,WAAW,EACnB,MAAM,CAAC,EAAE,WAAW,YAAA;IAGvC;;;;OAIG;IACU,MAAM,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"csrf.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,WAAW,EAAiC,WAAW,EAAE,MAAM,UAAU,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAKrE;;;;GAIG;AACH,qBAAa,WAAW;IAEpB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAFP,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,WAAW,EACnB,MAAM,CAAC,EAAE,WAAW,YAAA;IAGvC;;;;OAIG;IACU,MAAM,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IA8C3G;;OAEG;YACW,sBAAsB;IAsCpC;;;;;OAKG;YACW,aAAa;CA0C5B"}
|
|
@@ -16,7 +16,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
16
16
|
exports.CsrfHandler = void 0;
|
|
17
17
|
const index_1 = require("../index");
|
|
18
18
|
/** HTTP methods that don't require CSRF validation */
|
|
19
|
-
const SAFE_METHODS = ['GET', 'HEAD'
|
|
19
|
+
const SAFE_METHODS = ['GET', 'HEAD'];
|
|
20
20
|
/**
|
|
21
21
|
* CsrfHandler
|
|
22
22
|
*
|
|
@@ -43,6 +43,17 @@ class CsrfHandler {
|
|
|
43
43
|
await next();
|
|
44
44
|
return;
|
|
45
45
|
}
|
|
46
|
+
// ============================================================================
|
|
47
|
+
// IMPORTANT: Never generate CSRF cookies on CORS preflight (OPTIONS)
|
|
48
|
+
// ============================================================================
|
|
49
|
+
// Browsers typically do NOT include cookies on preflight requests.
|
|
50
|
+
// If we generated a CSRF cookie here, we'd rotate the token between the time
|
|
51
|
+
// the client reads document.cookie (to set the header) and the actual request
|
|
52
|
+
// is sent, causing intermittent CSRF mismatches.
|
|
53
|
+
if (req.method === 'OPTIONS') {
|
|
54
|
+
await next();
|
|
55
|
+
return;
|
|
56
|
+
}
|
|
46
57
|
// Safe methods: Generate token if missing
|
|
47
58
|
if (SAFE_METHODS.includes(req.method)) {
|
|
48
59
|
await this.generateTokenIfMissing(req, res);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csrf.handler.js","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAEH,oCAAmF;AAInF,sDAAsD;AACtD,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"csrf.handler.js","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAEH,oCAAmF;AAInF,sDAAsD;AACtD,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AAErC;;;;GAIG;AACH,MAAa,WAAW;IAEH;IACA;IACA;IAHnB,YACmB,WAAwB,EACxB,MAAmB,EACnB,MAAoB;QAFpB,gBAAW,GAAX,WAAW,CAAa;QACxB,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAc;IACpC,CAAC;IAEJ;;;;OAIG;IACI,KAAK,CAAC,MAAM,CAAC,GAAiB,EAAE,GAAkB,EAAE,IAAgC;QACzF,kDAAkD;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,IAAI,MAAM,CAAC;QAC3D,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,+EAA+E;QAC/E,qEAAqE;QACrE,+EAA+E;QAC/E,mEAAmE;QACnE,6EAA6E;QAC7E,8EAA8E;QAC9E,iDAAiD;QACjD,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,0CAA0C;QAC1C,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC5C,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,yCAAyC;QACzC,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC/B,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,sBAAsB;QACtB,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,aAAa,IAAI,EAAE,CAAC;QACtE,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,mEAAmE;QACnE,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAE9B,MAAM,IAAI,EAAE,CAAC;IACf,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAAC,GAAiB,EAAE,GAAkB;QACxE,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,aAAa,EAAE,CAAC;YAClB,+CAA+C;YAC/C,OAAO,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;YACrC,OAAO;QACT,CAAC;QAED,qBAAqB;QACrB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAE/C,wEAAwE;QACxE,iEAAiE;QACjE,MAAM,iBAAiB,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC;QAE9D,uBAAuB;QACvB,MAAM,aAAa,GAAG;YACpB,gFAAgF;YAChF,0FAA0F;YAC1F,QAAQ,EAAE,iBAAiB,CAAC,QAAQ,IAAI,KAAK;YAC7C,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM,IAAI,IAAI;YAChE,QAAQ,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,QAAQ,IAAI,QAAQ,CAA8B;YACvG,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM;YACxD,IAAI,EAAE,GAAG;YACT,GAAG,iBAAiB;SACrB,CAAC;QAEF,aAAa;QACb,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC;QAEhD,kEAAkE;QAClE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,EAAE,KAAK,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,8BAA8B,CAAC,CAAC;IACvD,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,aAAa,CAAC,GAAiB;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAEpD,gCAAgC;QAChC,IAAI,gBAAgB,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,gBAAgB,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YAClC,2BAA2B;YAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,IAA+B,CAAC;YACjD,gBAAgB,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,CAAuB,CAAC;QACpG,CAAC;QAED,wBAAwB;QACxB,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE5C,iCAAiC;QACjC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAChD,qBAAa,CAAC,kBAAkB,EAChC,gCAAgC,UAAU,0DAA0D,UAAU,UAAU,CACzH,CAAC;YACF,OAAO;QACT,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAChD,qBAAa,CAAC,kBAAkB,EAChC,kEAAkE,CACnE,CAAC;YACF,OAAO;QACT,CAAC;QAED,yBAAyB;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,WAAW,CAAC,CAAC;QAEtF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAAC,qBAAa,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;YAC7G,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,mCAAmC,CAAC,CAAC;IAC5D,CAAC;CACF;AAnJD,kCAmJC"}
|