nestjs-mvc-tools
Version:
NestJS MVC Tools is a small set of tools designed to help you get started more easily with traditional web development approaches in NestJS.
75 lines (74 loc) • 3.68 kB
JavaScript
;
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
var NestMvcCsrfService_1;
Object.defineProperty(exports, "__esModule", { value: true });
exports.NestMvcCsrfService = void 0;
const common_1 = require("@nestjs/common");
const csrf_1 = __importDefault(require("csrf"));
const nest_mvc_logger_service_1 = require("./nest-mvc-logger.service");
const nest_mvc_options_service_1 = require("./nest-mvc-options.service");
/**
* Service for CSRF (Cross-Site Request Forgery) protection.
* Provides token generation, management, and verification functionality.
*/
let NestMvcCsrfService = NestMvcCsrfService_1 = class NestMvcCsrfService {
// --------------------------------------------------------
// Methods
// --------------------------------------------------------
constructor(optionsService, logger) {
this.optionsService = optionsService;
this.logger = logger;
const options = this.optionsService.csrfOptions;
this.logger.debug("NestMvcCsrfService constructor called", NestMvcCsrfService_1.name);
this.logger.debug(`CSRF options: saltLength=${options.saltLength}, secretLength=${options.secretLength}`, NestMvcCsrfService_1.name);
this.tokens = new csrf_1.default({
saltLength: options.saltLength,
secretLength: options.secretLength,
});
this.logger.debug("CSRF token generator initialized successfully", NestMvcCsrfService_1.name);
}
/**
* @description Generate a new CSRF secret
*/
generateSecret() {
this.logger.debug("Generating CSRF secret", NestMvcCsrfService_1.name);
const secret = this.tokens.secretSync();
this.logger.debug("CSRF secret generated successfully", NestMvcCsrfService_1.name);
return secret;
}
/**
* @description Generate token from secret
*/
generateToken(secret) {
this.logger.debug("Generating CSRF token from secret", NestMvcCsrfService_1.name);
const token = this.tokens.create(secret);
this.logger.debug("CSRF token generated successfully", NestMvcCsrfService_1.name);
return token;
}
/**
* @description Token Verification
*/
verifyToken(secret, token) {
this.logger.debug("Verifying CSRF token", NestMvcCsrfService_1.name);
const isValid = this.tokens.verify(secret, token);
this.logger.debug(`CSRF token verification result: ${isValid}`, NestMvcCsrfService_1.name);
return isValid;
}
};
exports.NestMvcCsrfService = NestMvcCsrfService;
exports.NestMvcCsrfService = NestMvcCsrfService = NestMvcCsrfService_1 = __decorate([
(0, common_1.Injectable)(),
__metadata("design:paramtypes", [nest_mvc_options_service_1.NestMvcOptionsService,
nest_mvc_logger_service_1.NestMvcLoggerService])
], NestMvcCsrfService);