
@adonisjs/shield


A middleware for AdonisJS to keep web applications secure from common web attacks

import Tokens from "csrf";
import { ApiClient, ApiRequest } from "@japa/api-client";

// Symbol from the global registry; marks a request that asked for CSRF
// credentials. A symbol key cannot collide with a string property on the request.
const CSRF_ENABLED = Symbol.for("CSRF_ENABLED");

/**
 * Creates a Japa API-client plugin that lets a test request carry a valid
 * CSRF secret/token pair.
 *
 * The plugin does two things when it runs:
 *  - adds an `ApiRequest#withCsrfToken()` macro that only flags the request;
 *  - registers an `ApiClient.setup` hook that, for flagged requests, generates
 *    a fresh secret and a token derived from it, stores the secret in the
 *    session under `csrf-secret`, and sends the token in the `x-csrf-token`
 *    header.
 *
 * Requests that never call `withCsrfToken()` are left untouched, so they are
 * sent without any CSRF credentials.
 *
 * NOTE(review): `request.withSession` is not defined in this file; presumably
 * it is provided by a separately registered session plugin. Confirm that the
 * plugin is loaded before this one is used.
 *
 * @returns {Function} The plugin function to register with Japa.
 */
const shieldApiClient = () => {
  return function pluginFn() {
    // Must stay a `function` expression: the macro relies on `this` being the
    // request instance and returns it so calls can be chained.
    ApiRequest.macro("withCsrfToken", function () {
      this[CSRF_ENABLED] = true;
      return this;
    });

    ApiClient.setup(async (request) => {
      if (request[CSRF_ENABLED]) {
        // A new secret is generated for every flagged request; the token is
        // created from that same secret so the two belong together.
        const generator = new Tokens();
        const csrfSecret = await generator.secret();
        const csrfToken = generator.create(csrfSecret);

        request.withSession({ "csrf-secret": csrfSecret });
        request.header("x-csrf-token", csrfToken);
      }
    });
  };
};

export { shieldApiClient };