@adonisjs/shield
Version:
A middleware for AdonisJS to keep web applications secure from common web attacks
30 lines (28 loc) • 799 B
JavaScript
import "../../chunk-MLKGABMK.js";
// src/plugins/api_client.ts
import Tokens from "csrf";
import { ApiClient, ApiRequest } from "@japa/api-client";
var CSRF_ENABLED = Symbol.for("CSRF_ENABLED");
var shieldApiClient = () => {
const pluginFn = function() {
ApiRequest.macro("withCsrfToken", function() {
this[CSRF_ENABLED] = true;
return this;
});
ApiClient.setup(async (request) => {
const isCSRFEnabled = request[CSRF_ENABLED];
if (!isCSRFEnabled) {
return;
}
const tokens = new Tokens();
const secret = await tokens.secret();
const token = tokens.create(secret);
request.withSession({ "csrf-secret": secret });
request.header("x-csrf-token", token);
});
};
return pluginFn;
};
export {
shieldApiClient
};