From 756c5564b36ac4cdaff1e0e55c1a1deab840a4d8 Mon Sep 17 00:00:00 2001
From: Julien Oculi
Date: Thu, 13 Jun 2024 12:20:47 +0200
Subject: [PATCH] feat: :lock: add csrf checks

---
 routes/_middleware.ts | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/routes/_middleware.ts b/routes/_middleware.ts
index 5dfcb55..86a88bb 100644
--- a/routes/_middleware.ts
+++ b/routes/_middleware.ts
@@ -1,4 +1,6 @@
 import { FreshContext } from '$fresh/server.ts'
+import { getCookies, setCookie } from '@std/http/cookie'
+import { SessionStore } from '../src/session/mod.ts'
 
 export async function handler(request: Request, ctx: FreshContext) {
   // Allow service worker to serve root scope
@@ -7,5 +9,34 @@ export async function handler(request: Request, ctx: FreshContext) {
   if (url.pathname.endsWith('island-startserviceworker.js')) {
     response.headers.set('Service-Worker-Allowed', '/')
   }
+
+  // Start session
+  if (getCookies(request.headers)['_SESSION'] === undefined) {
+    const session = SessionStore.createSession()
+
+    // Set session cookie
+    setCookie(response.headers, {
+      name: '_SESSION',
+      value: session.uuid,
+      httpOnly: true,
+      sameSite: 'Strict',
+      secure: true,
+      expires: SessionStore.maxAge,
+    })
+
+    // Set csrf
+    const csrf = crypto.randomUUID()
+    session.set('_csrf', csrf)
+
+    setCookie(response.headers, {
+      name: '_CSRF',
+      value: csrf,
+      httpOnly: false,
+      sameSite: 'Strict',
+      secure: true,
+      expires: SessionStore.maxAge,
+    })
+  }
+
   return response
 }
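Review bot: The commit title says it adds CSRF checks, but the second hunk only issues a token — nothing in `handler` verifies a submitted token on state-changing requests, so a cross-site POST is still accepted as before; the verification (for methods other than GET/HEAD/OPTIONS, compare the token the client echoes back in a header or form field with the `_csrf` value stored in the session, and reject on mismatch before any route handler runs) belongs here ahead of `return response`, and needs a session lookup by the `_SESSION` cookie that the visible `SessionStore` calls (`createSession`, `maxAge`) do not show. The `_SESSION` branch only creates a session when the cookie is absent, so a request presenting any arbitrary `_SESSION` value is treated as already having a session and a CSRF token without that value being checked against the store; if `SessionStore` does not validate the uuid elsewhere, an unknown cookie value should be handled the same as a missing one. `expires: SessionStore.maxAge` is passed to the `expires` attribute, which takes a `Date`; if `maxAge` is a duration in seconds, the cookie attribute `maxAge` is the right one, and a one-line comment stating which it is would settle it. A comment such as `// Double-submit pattern: _CSRF is deliberately readable by JS so the client can echo it in a request header` would explain the intentional `httpOnly: false` to the next reader.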