@dwp/govuk-casa/dist/middleware/csrf.js

A framework for building GOVUK Collect-And-Submit-Applications

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = csrfMiddleware;
const csrf_sync_1 = require("csrf-sync");
/**
 * @typedef {import("express").RequestHandler} RequestHandler
 * @access private
 */
/**
 * Data middleware.
 *
 * 2 middleware: one to generate the csrf token and check its validity (POST
 * only), and one to provide that token to templates via the `casa.csrfToken`
 * variable.
 *
 * @returns {RequestHandler[]} Middleware functions
 */
function csrfMiddleware() {
    const { csrfSynchronisedProtection } = (0, csrf_sync_1.csrfSync)({
        getTokenFromRequest: (req) => req.body._csrf,
    });
    return [
        csrfSynchronisedProtection,
        (req, res, next) => {
            res.locals.casa = {
                ...res.locals?.casa,
                csrfToken: req.csrfToken(),
            };
            next();
        },
    ];
}
//# sourceMappingURL=csrf.js.map