20 lines
578 B
TypeScript
20 lines
578 B
TypeScript
import { SessionStore } from ':src/session/mod.ts'
|
|
import { respondApi } from ':src/utils.ts'
|
|
import { define } from '../../utils.ts'
|
|
|
|
export const handler = define.handlers((ctx) => {
|
|
// Check CSRF token
|
|
const request = ctx.req
|
|
|
|
if (['POST', 'PATCH', 'PUT', 'DELETE', 'OPTIONS'].includes(request.method)) {
|
|
const session = SessionStore.getFromRequest(request)
|
|
const csrf = session?.get('_csrf')
|
|
|
|
if (csrf === undefined || request.headers.get('X-CSRF-TOKEN') !== csrf) {
|
|
return respondApi('error', new Error('invalid csrf token'), 401)
|
|
}
|
|
}
|
|
|
|
return ctx.next()
|
|
})
|