chore: removed vercel-specific code, added csrf middleware

technologiestiftung · Oct 24, 2023 · 77d28ab · 77d28ab
1 parent 7e69d84
commit 77d28ab
Show file tree

Hide file tree

Showing 14 changed files with 9,243 additions and 24,949 deletions.
diff --git a/.vercelignore b/.vercelignore
diff --git a/middleware.ts b/middleware.ts
@@ -0,0 +1,40 @@
+import csrf from "edge-csrf";
+import { NextResponse } from "next/server";
+import type { NextRequest } from "next/server";
+
+// initalize protection function
+console.log("hallo middleware")
+
+const csrfProtect = csrf({
+  cookie: {
+    name: "_csrfSecret",
+    path: "/",
+    maxAge: undefined,
+    domain: '',
+    secure: true,
+    httpOnly: true,
+    sameSite: "strict",
+  },
+  ignoreMethods: ["GET", "HEAD", "OPTIONS"],
+  saltByteLength: 8,
+  secretByteLength: 18,
+  token: {
+    responseHeader: "X-CSRF-Token",
+    value: undefined,
+  },
+});
+
+export async function middleware(request: NextRequest) {
+  const response = NextResponse.next();
+
+  // csrf protection
+  const csrfError = await csrfProtect(request, response);
+
+  // check result
+  if (csrfError) {
+    console.log(csrfError);
+    return new NextResponse("invalid csrf token", { status: 403 });
+  }
+
+  return response;
+}
diff --git a/next-env.d.ts b/next-env.d.ts
@@ -0,0 +1,5 @@
+/// <reference types="next" />
+/// <reference types="next/image-types/global" />
+
+// NOTE: This file should not be edited
+// see https://nextjs.org/docs/basic-features/typescript for more information.