UNPKG

firestudio

Version:

CLI for developing apps with NextJS and Firebase

github.com/guessty/firestudio

guessty/firestudio

144 lines (117 loc) 3.51 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
import Tokens from 'csrf'; import cookieParser from 'cookie-parser'; import COOKIES from '../config/cookies'; import HEADERS from '../config/headers'; const tokens = new Tokens(); class Base { static middleware = () => {} static createCsrfPair = () => { const secret = tokens.secretSync(); const token = tokens.create(secret); return { token, secret }; } static verifyCsrfPair = (req, callback) => { const token = req.headers[HEADERS.CSRF]; const sessionCookie = req.cookies[COOKIES.SESSION.KEY] || {}; const secret = sessionCookie[COOKIES.SESSION.CSRF]; if (!secret) { return callback(); } const isValid = tokens.verify(secret, token); if (!isValid) { callback(); throw new Error('Invalid CSRF Token'); } return isValid; } constructor(req, res, next = () => {}) { this.req = req; this.res = res; this.next = next; // The Cache-Control is set to private by default when live, but we need to // explicitily set it so things work when serving the project locally. this.res.set('Cache-Control', 'private'); this.applyMiddleware(); this.cookies = { get: key => req.cookies[key], set: (key, value, options = {}) => res.cookie(key, value, options), }; this.get = this.get.bind(this); this.post = this.post.bind(this); this.put = this.put.bind(this); this.patch = this.patch.bind(this); this.delete = this.delete.bind(this); this.notImplemented = this.notImplemented.bind(this); this.clearCookie = this.clearCookie.bind(this); this.updateCookies = this.updateCookies.bind(this); } applyMiddleware() { cookieParser()(this.req, this.res, this.next); return this.constructor.middleware(this.req, this.res, this.next); } // eslint-disable-next-line class-methods-use-this notImplemented() { throw new Error('Not implemented'); } get() { return this.notImplemented(); } post() { return this.notImplemented(); } put() { return this.notImplemented(); } patch() { return this.notImplemented(); } delete() { return this.notImplemented(); } getMethodHandler() { switch (this.req.method) { case 'GET': return this.get; case 'POST': return this.post; case 'PUT': return this.put; case 'PATCH': return this.patch; case 'DELETE': return this.delete; default: return this.notImplemented; } } updateCookies(authToken) { Object.values(COOKIES).forEach((COOKIE) => { this.clearCookie(COOKIE.KEY); }); const { secret, token } = Base.createCsrfPair(); this.cookies.set(COOKIES.SESSION.KEY, { [COOKIES.SESSION.AUTH]: authToken, [COOKIES.SESSION.CSRF]: secret, }, COOKIES.SESSION.OPTIONS); this.cookies.set(COOKIES.CSRF.KEY, token, COOKIES.CSRF.OPTIONS); if (authToken) { this.cookies.set(COOKIES.STATUS.KEY, '1', COOKIES.STATUS.OPTIONS); } } clearCookie(key) { this.cookies.set(key, '', { maxAge: new Date(0) }); } async handle() { const methodHandler = this.getMethodHandler(); try { Base.verifyCsrfPair(this.req, () => this.updateCookies()); const response = methodHandler(); return response; } catch (thrown) { const { error, status } = thrown; console.log(thrown); return this.res.status(status || 500).json({ error: error || thrown }); } } } export default Base;