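import { FreshContext } from '$fresh/server.ts'
import { SessionStore } from '../../src/session/mod.ts'
import { respondApi } from '../../src/utils.ts'

/**
 * Middleware that enforces a CSRF token on POST, PATCH, PUT, DELETE and
 * OPTIONS requests.
 *
 * The token stored in the session under `_csrf` must be a non-empty string
 * and must equal the `X-CSRF-TOKEN` request header. Requests with any other
 * method are passed straight to the next handler.
 *
 * @param request Incoming request; its method and `X-CSRF-TOKEN` header are read.
 * @param ctx Fresh context used to continue the middleware chain.
 * @returns The result of `respondApi(...)` with status 401 when the token
 *   check fails, otherwise the result of `ctx.next()`.
 */
export function handler(request: Request, ctx: FreshContext) {
  // NOTE(review): OPTIONS is in this list, so a browser CORS preflight (which
  // carries neither cookies nor the custom header) is rejected here. Confirm
  // that this is intended if the API is ever meant to be called cross-origin.
  if (['POST', 'PATCH', 'PUT', 'DELETE', 'OPTIONS'].includes(request.method)) {
    // Optional chaining: a request without a session yields `undefined` here.
    const session = SessionStore.getFromRequest(request)
    const csrf = session?.get('_csrf')
    // Headers.get() returns null when the header is absent.
    const presented = request.headers.get('X-CSRF-TOKEN')

    // Fail closed unless the session holds a usable token. Guarding only
    // against `undefined` would let a stored `null` match an absent header
    // (null === null) and a stored '' match an empty header.
    if (typeof csrf !== 'string' || csrf.length === 0 || presented !== csrf) {
      // NOTE(review): 403 is the more usual status for a CSRF failure; 401 is
      // kept so existing clients see the same response.
      return respondApi('error', new Error('invalid csrf token'), 401)
    }
  }

  return ctx.next()
}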