UNPKG

next-csrf

Version:

CSRF mitigation library for Next.js

1 lines 11.8 kB
{"ast":null,"code":"var _jsxFileName = \"/home/jolvera/proj/next-csrf/example/pages/index.js\";\nimport React from \"react\";\nvar __jsx = React.createElement;\nimport Head from \"next/head\";\nimport styles from \"../styles/Home.module.css\";\nexport var __N_SSP = true;\nexport default function Home() {\n // We send a request to setup the csrf token\n // fetch(\"http://localhost:3000/api/csrf/setup\")\n // .then((response) => {\n // console.log(response);\n // if (response.ok) {\n // console.log(\"response ok\");\n // console.log(\"csrf token setup correctly\");\n // // console.log(\"cookies\", document.cookie);\n // }\n // })\n // .catch((error) => console.error(error));\n var requestWithToken = function requestWithToken() {\n return fetch(\"/api/protected\", {\n method: \"post\"\n }).then(function (response) {\n if (response.ok) {\n console.log(\"protected response ok\");\n console.log(response);\n }\n })[\"catch\"](function (error) {\n return console.error(error);\n });\n };\n\n return __jsx(\"div\", {\n className: styles.container,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 31,\n columnNumber: 5\n }\n }, __jsx(Head, {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 32,\n columnNumber: 7\n }\n }, __jsx(\"title\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 33,\n columnNumber: 9\n }\n }, \"Create Next App\"), __jsx(\"link\", {\n rel: \"icon\",\n href: \"/favicon.ico\",\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 34,\n columnNumber: 9\n }\n })), __jsx(\"main\", {\n className: styles.main,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 37,\n columnNumber: 7\n }\n }, __jsx(\"h1\", {\n className: styles.title,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 38,\n columnNumber: 9\n }\n }, \"Welcome to \", __jsx(\"a\", {\n href: \"https://nextjs.org\",\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 39,\n columnNumber: 22\n }\n }, \"Next.js!\")), __jsx(\"p\", {\n className: styles.description,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 42,\n columnNumber: 9\n }\n }, \"Get started by editing\", \" \", __jsx(\"code\", {\n className: styles.code,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 44,\n columnNumber: 11\n }\n }, \"pages/index.js\")), __jsx(\"div\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 47,\n columnNumber: 9\n }\n }, __jsx(\"div\", {\n className: styles.card,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 48,\n columnNumber: 11\n }\n }, __jsx(\"h3\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 49,\n columnNumber: 13\n }\n }, \"Send a request with a valid CSRF token\"), __jsx(\"p\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 51,\n columnNumber: 13\n }\n }, \"Open the Web Console and click in the button below to see how a valid request works.\"), __jsx(\"button\", {\n className: styles.button,\n onClick: requestWithToken,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 56,\n columnNumber: 13\n }\n }, \"With CSRF token\")), __jsx(\"div\", {\n className: styles.card,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 61,\n columnNumber: 11\n }\n }, __jsx(\"h3\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 62,\n columnNumber: 13\n }\n }, \"Send a request without the CSRF token\"), __jsx(\"p\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 64,\n columnNumber: 13\n }\n }, \"Because any request we send from the browser will have a cookie with the token attached, try to send a request from a terminal and see what happens with a missing or an invalid CSRF token.\"), __jsx(\"pre\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 70,\n columnNumber: 13\n }\n }, __jsx(\"code\", {\n className: styles.code,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 71,\n columnNumber: 15\n }\n }, \"$ curl -X POST http://localhost:3000/api/protected\")), __jsx(\"pre\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 76,\n columnNumber: 13\n }\n }, __jsx(\"code\", {\n className: styles.code,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 77,\n columnNumber: 15\n }\n }, \">> {\\\"message\\\": \\\"Invalid CSRF token\\\"}\"))))), __jsx(\"footer\", {\n className: styles.footer,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 85,\n columnNumber: 7\n }\n }, __jsx(\"a\", {\n href: \"https://vercel.com?utm_source=create-next-app&utm_medium=default-template&utm_campaign=create-next-app\",\n target: \"_blank\",\n rel: \"noopener noreferrer\",\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 86,\n columnNumber: 9\n }\n }, \"Powered by\", \" \", __jsx(\"img\", {\n src: \"/vercel.svg\",\n alt: \"Vercel Logo\",\n className: styles.logo,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 92,\n columnNumber: 11\n }\n }))));\n}\n_c = Home;\n\nvar _c;\n\n$RefreshReg$(_c, \"Home\");","map":{"version":3,"sources":["/home/jolvera/proj/next-csrf/example/pages/index.js"],"names":["Head","styles","Home","requestWithToken","fetch","method","then","response","ok","console","log","error","container","main","title","description","code","card","button","footer","logo"],"mappings":";;;AAAA,OAAOA,IAAP,MAAiB,WAAjB;AACA,OAAOC,MAAP,MAAmB,2BAAnB;;AAGA,eAAe,SAASC,IAAT,GAAgB;AAC7B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA,MAAMC,gBAAgB,GAAG,SAAnBA,gBAAmB;AAAA,WACvBC,KAAK,CAAC,gBAAD,EAAmB;AACtBC,MAAAA,MAAM,EAAE;AADc,KAAnB,CAAL,CAGGC,IAHH,CAGQ,UAACC,QAAD,EAAc;AAClB,UAAIA,QAAQ,CAACC,EAAb,EAAiB;AACfC,QAAAA,OAAO,CAACC,GAAR,CAAY,uBAAZ;AACAD,QAAAA,OAAO,CAACC,GAAR,CAAYH,QAAZ;AACD;AACF,KARH,WASS,UAACI,KAAD;AAAA,aAAWF,OAAO,CAACE,KAAR,CAAcA,KAAd,CAAX;AAAA,KATT,CADuB;AAAA,GAAzB;;AAYA,SACE;AAAK,IAAA,SAAS,EAAEV,MAAM,CAACW,SAAvB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KACE,MAAC,IAAD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KACE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,uBADF,EAEE;AAAM,IAAA,GAAG,EAAC,MAAV;AAAiB,IAAA,IAAI,EAAC,cAAtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAFF,CADF,EAME;AAAM,IAAA,SAAS,EAAEX,MAAM,CAACY,IAAxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KACE;AAAI,IAAA,SAAS,EAAEZ,MAAM,CAACa,KAAtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBACa;AAAG,IAAA,IAAI,EAAC,oBAAR;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gBADb,CADF,EAKE;AAAG,IAAA,SAAS,EAAEb,MAAM,CAACc,WAArB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,+BACyB,GADzB,EAEE;AAAM,IAAA,SAAS,EAAEd,MAAM,CAACe,IAAxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAFF,CALF,EAUE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KACE;AAAK,IAAA,SAAS,EAAEf,MAAM,CAACgB,IAAvB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KACE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,8CADF,EAGE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4FAHF,EAQE;AAAQ,IAAA,SAAS,EAAEhB,MAAM,CAACiB,MAA1B;AAAkC,IAAA,OAAO,EAAEf,gBAA3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,uBARF,CADF,EAcE;AAAK,IAAA,SAAS,EAAEF,MAAM,CAACgB,IAAvB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KACE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,6CADF,EAGE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oMAHF,EASE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KACE;AAAM,IAAA,SAAS,EAAEhB,MAAM,CAACe,IAAxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,0DADF,CATF,EAeE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KACE;AAAM,IAAA,SAAS,EAAEf,MAAM,CAACe,IAAxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gDADF,CAfF,CAdF,CAVF,CANF,EAsDE;AAAQ,IAAA,SAAS,EAAEf,MAAM,CAACkB,MAA1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KACE;AACE,IAAA,IAAI,EAAC,wGADP;AAEE,IAAA,MAAM,EAAC,QAFT;AAGE,IAAA,GAAG,EAAC,qBAHN;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAKa,GALb,EAME;AAAK,IAAA,GAAG,EAAC,aAAT;AAAuB,IAAA,GAAG,EAAC,aAA3B;AAAyC,IAAA,SAAS,EAAElB,MAAM,CAACmB,IAA3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IANF,CADF,CAtDF,CADF;AAmED;KA5FuBlB,I","sourcesContent":["import Head from \"next/head\";\nimport styles from \"../styles/Home.module.css\";\nimport { setup } from \"../lib/csrf\";\n\nexport default function Home() {\n // We send a request to setup the csrf token\n // fetch(\"http://localhost:3000/api/csrf/setup\")\n // .then((response) => {\n // console.log(response);\n // if (response.ok) {\n // console.log(\"response ok\");\n // console.log(\"csrf token setup correctly\");\n // // console.log(\"cookies\", document.cookie);\n // }\n // })\n // .catch((error) => console.error(error));\n\n const requestWithToken = () =>\n fetch(\"/api/protected\", {\n method: \"post\",\n })\n .then((response) => {\n if (response.ok) {\n console.log(\"protected response ok\");\n console.log(response);\n }\n })\n .catch((error) => console.error(error));\n\n return (\n <div className={styles.container}>\n <Head>\n <title>Create Next App</title>\n <link rel=\"icon\" href=\"/favicon.ico\" />\n </Head>\n\n <main className={styles.main}>\n <h1 className={styles.title}>\n Welcome to <a href=\"https://nextjs.org\">Next.js!</a>\n </h1>\n\n <p className={styles.description}>\n Get started by editing{\" \"}\n <code className={styles.code}>pages/index.js</code>\n </p>\n\n <div>\n <div className={styles.card}>\n <h3>Send a request with a valid CSRF token</h3>\n\n <p>\n Open the Web Console and click in the button below to see how a\n valid request works.\n </p>\n\n <button className={styles.button} onClick={requestWithToken}>\n With CSRF token\n </button>\n </div>\n\n <div className={styles.card}>\n <h3>Send a request without the CSRF token</h3>\n\n <p>\n Because any request we send from the browser will have a cookie\n with the token attached, try to send a request from a terminal and\n see what happens with a missing or an invalid CSRF token.\n </p>\n\n <pre>\n <code className={styles.code}>\n $ curl -X POST http://localhost:3000/api/protected\n </code>\n </pre>\n\n <pre>\n <code className={styles.code}>\n {`>> {\"message\": \"Invalid CSRF token\"}`}\n </code>\n </pre>\n </div>\n </div>\n </main>\n\n <footer className={styles.footer}>\n <a\n href=\"https://vercel.com?utm_source=create-next-app&utm_medium=default-template&utm_campaign=create-next-app\"\n target=\"_blank\"\n rel=\"noopener noreferrer\"\n >\n Powered by{\" \"}\n <img src=\"/vercel.svg\" alt=\"Vercel Logo\" className={styles.logo} />\n </a>\n </footer>\n </div>\n );\n}\n\nexport const getServerSideProps = setup(async () => {\n return { props: {} };\n});\n"]},"metadata":{},"sourceType":"module"}