
nuxt-csurf


Nuxt Cross-Site Request Forgery (CSRF) Prevention

import * as csrf from "uncsrf";
import { getCookie, setCookie } from "h3";
import { useSecretKey } from "../helpers.js";
import { useRuntimeConfig } from "#imports";

// Identity wrapper: hands the plugin definition back unchanged.
const defineNitroPlugin = (def) => def;

/**
 * Nitro plugin that puts a CSRF token into every rendered HTML page as
 * `<meta name="csrf-token" content="...">`.
 *
 * The token is derived from a per-client secret kept in the cookie named by
 * `csurf.cookieKey`. Two modes, selected by `csurf.addCsrfTokenToEventCtx`:
 *   - truthy: the token is created in the "request" hook and stored on
 *     `event.context.csrfToken`; the "render:html" hook only reads it back.
 *   - falsy:  the token is created inside the "render:html" hook and is not
 *     stored on the event context.
 *
 * Security notes for reviewers:
 *   - The secret is taken from the request cookie as-is when one is present,
 *     so its value is client-supplied; nothing in this file validates it.
 *   - Cookie attributes come entirely from `csurf.cookie`. They are not
 *     visible here, so review that configuration (HttpOnly / SameSite /
 *     Secure) separately.
 *   - The token is written into the attribute without HTML escaping.
 *     NOTE(review): this relies on csrf.create() returning only
 *     attribute-safe characters; confirm against the uncsrf version in use.
 *
 * @param {object} nitroApp - Nitro app instance; only `hooks.hook` is used.
 */
export default defineNitroPlugin((nitroApp) => {
  const csrfConfig = useRuntimeConfig().csurf;
  const { cookieKey } = csrfConfig;

  // Reuse the secret from the request cookie, or mint a new one and set it
  // on the response, then derive the token from that secret.
  const issueToken = async (event) => {
    let secret = getCookie(event, cookieKey);
    if (!secret) {
      secret = csrf.randomSecret();
      setCookie(event, cookieKey, secret, csrfConfig.cookie);
    }
    return csrf.create(
      secret,
      await useSecretKey(csrfConfig),
      csrfConfig.encryptAlgorithm,
    );
  };

  // Markup appended to <head>; the value is interpolated verbatim.
  const metaTag = (token) => `<meta name="csrf-token" content="${token}">`;

  if (csrfConfig.addCsrfTokenToEventCtx) {
    // Context mode: the token is created in the "request" hook and stored on
    // event.context, where the render hook below picks it up.
    nitroApp.hooks.hook("request", async (event) => {
      event.context.csrfToken = await issueToken(event);
    });

    // Render only reads the stored value. If the request hook did not set
    // it, the template literal emits the string "undefined".
    nitroApp.hooks.hook("render:html", async (html, { event }) => {
      html.head.push(metaTag(event.context.csrfToken));
    });
    return;
  }

  // Render-only mode: the token is created while the HTML is rendered.
  nitroApp.hooks.hook("render:html", async (html, { event }) => {
    const csrfToken = await issueToken(event);
    html.head.push(metaTag(csrfToken));
  });
});