@adonisjs/shield
A middleware for AdonisJS to keep web applications secure from common web attacks
import "node:module";
import { Exception } from "@adonisjs/core/exceptions";
// Short alias for Object.defineProperty, used by the export helper below.
var __defProp = Object.defineProperty;

/**
 * Builds a namespace-style object whose properties are read through getters.
 *
 * Each enumerable key of `all` (walked with `for...in`) becomes an enumerable,
 * getter-backed property on the result, so a value is only looked up when the
 * property is read.
 *
 * @param {Object<string, Function>} all - Map of export name to getter function.
 * @param {boolean} [no_symbols] - When truthy, the `Symbol.toStringTag` marker is not added.
 * @returns {object} The populated namespace object.
 */
var __exportAll = (all, no_symbols) => {
  const target = {};
  for (const exportName in all) {
    __defProp(target, exportName, {
      get: all[exportName],
      enumerable: true,
    });
  }
  if (no_symbols) {
    return target;
  }
  // Tag the object so Object.prototype.toString reports "[object Module]".
  __defProp(target, Symbol.toStringTag, { value: "Module" });
  return target;
};

// The getter is lazy: E_BAD_CSRF_TOKEN is declared after this statement and is
// only dereferenced when the property is read.
var errors_exports = /* @__PURE__ */ __exportAll({
  E_BAD_CSRF_TOKEN: () => E_BAD_CSRF_TOKEN,
});
/**
 * Error type for an invalid or expired CSRF token.
 *
 * Carries HTTP status 403 and the code `E_BAD_CSRF_TOKEN`. It also handles
 * itself: `handle` flashes an error message and redirects the client back.
 */
const E_BAD_CSRF_TOKEN = class InvalidCSRFToken extends Exception {
  code = "E_BAD_CSRF_TOKEN";
  status = 403;
  message = "Invalid or expired CSRF token";
  // Translation key passed to the i18n lookup in getResponseMessage.
  identifier = "errors.E_BAD_CSRF_TOKEN";

  /**
   * Picks the message shown to the user.
   *
   * @param {object} error - The raised error; `identifier` and `message` are read.
   * @param {object} ctx - Request context; `ctx.i18n` is used only when present.
   * @returns {string} Result of the i18n lookup (with `error.message` as its
   *   fallback argument) when `ctx` has an `i18n` property, else `error.message`.
   */
  getResponseMessage(error, ctx) {
    const hasTranslator = "i18n" in ctx;
    return hasTranslator
      ? ctx.i18n.t(error.identifier, {}, error.message)
      : error.message;
  }

  /**
   * Converts the error into flash messages plus a redirect back.
   *
   * NOTE(review): reads `ctx.session` unconditionally, so this assumes session
   * support is installed on the context — confirm against the middleware setup.
   *
   * @param {object} error - The raised error; `code` keys the flashed errors bag.
   * @param {object} ctx - Request context (`request`, `session`, `response`).
   * @returns {Promise<void>}
   */
  async handle(error, ctx) {
    const isInertiaRequest = Boolean(ctx.request.header("X-Inertia"));
    if (!isInertiaRequest) {
      // Keep the CSRF token, the method-override field and both password
      // fields out of what gets flashed — presumably the submitted form input
      // stored for the next request; confirm against the session API.
      ctx.session.flashExcept([
        "_csrf",
        "_method",
        "password",
        "password_confirmation",
      ]);
    }

    const responseMessage = this.getResponseMessage(error, ctx);
    ctx.session.flash("error", responseMessage);
    ctx.session.flashErrors({ [error.code]: responseMessage });

    // NOTE(review): the redirect target is decided by the framework's back()
    // helper, not by this file — verify how it derives the destination.
    ctx.response.redirect().back();
  }
};
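/**
 * Registry of placeholder keywords that may appear inside CSP directive
 * value lists, each mapped to a resolver that replaces it.
 */
var CSPKeywords = class {
  // Null-prototype dictionary: every keyword, including names such as
  // "__proto__", is stored as an own key and is listed by Object.keys().
  #keywordsResolvers = Object.create(null);

  /**
   * Registers (or overwrites) the resolver for a keyword.
   *
   * @param {string} keyword - Placeholder looked up in directive value lists.
   * @param {*} resolver - Stored as-is and substituted verbatim by `resolve`;
   *   it is not invoked here.
   * @returns {this} The registry, to allow chaining.
   */
  register(keyword, resolver) {
    this.#keywordsResolvers[keyword] = resolver;
    return this;
  }

  /**
   * Replaces registered keywords in a directive value list with their resolvers.
   *
   * The array is mutated in place and returned; anything that is not an array
   * is returned untouched. Every occurrence of a keyword is replaced, so a
   * repeated placeholder cannot be left behind as a literal string in the list.
   *
   * @param {*} directiveValues - Directive values, typically an array of strings.
   * @returns {*} The same `directiveValues` reference.
   */
  resolve(directiveValues) {
    if (!Array.isArray(directiveValues)) {
      return directiveValues;
    }
    for (const keyword of Object.keys(this.#keywordsResolvers)) {
      const resolver = this.#keywordsResolvers[keyword];
      // Index scan rather than repeated indexOf: it cannot loop forever when a
      // resolver is itself equal to its keyword.
      for (let index = 0; index < directiveValues.length; index += 1) {
        if (directiveValues[index] === keyword) {
          directiveValues[index] = resolver;
        }
      }
    }
    return directiveValues;
  }
};

// Shared registry instance exported by this module.
const cspKeywords = new CSPKeywords();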
export { E_BAD_CSRF_TOKEN as n, errors_exports as r, cspKeywords as t };