♻️ Recupération token depuis composant client
1 parent
6a970f4
commit 3953e06
Showing
9 changed files
with
99 additions
and
77 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
export default function CSRF() { | ||
return <></>; | ||
} |
9 changes: 2 additions & 7 deletions
9
packages/applications/ssr/src/components/pages/abandon/demander/DemanderAbandon.page.tsx
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,69 +1,12 @@ | ||
import { CsrfError, createCsrfProtect } from '@edge-csrf/nextjs'; | ||
import { NextFetchEvent, NextRequest, NextResponse } from 'next/server'; | ||
import { NextMiddlewareResult } from 'next/dist/server/web/types'; | ||
import { getToken } from 'next-auth/jwt'; | ||
|
||
export type CustomMiddleware = ( | ||
request: NextRequest, | ||
event: NextFetchEvent, | ||
response: NextResponse, | ||
) => NextMiddlewareResult | Promise<NextMiddlewareResult>; | ||
|
||
type MiddlewareFactory = (middleware: CustomMiddleware) => CustomMiddleware; | ||
|
||
export const chain = (functions: MiddlewareFactory[], index = 0): CustomMiddleware => { | ||
const current = functions[index]; | ||
|
||
if (current) { | ||
const next = chain(functions, index + 1); | ||
return current(next); | ||
} | ||
|
||
return (request: NextRequest, event: NextFetchEvent, response: NextResponse) => { | ||
return response; | ||
}; | ||
}; | ||
|
||
const csrfProtect = createCsrfProtect({ | ||
cookie: { | ||
sameSite: true, | ||
secure: true, | ||
}, | ||
}); | ||
|
||
function withCSRF(middleware: CustomMiddleware) { | ||
return async (request: NextRequest, event: NextFetchEvent) => { | ||
const response = NextResponse.next(); | ||
|
||
try { | ||
await csrfProtect(request, response); | ||
} catch (err) { | ||
if (err instanceof CsrfError) { | ||
return NextResponse.redirect(new URL('/error', request.url)); | ||
} | ||
throw err; | ||
} | ||
|
||
return middleware(request, event, response); | ||
}; | ||
} | ||
|
||
function withNextAuth(middleware: CustomMiddleware) { | ||
return async (request: NextRequest, event: NextFetchEvent) => { | ||
const token = await getToken({ req: request, secret: process.env.NEXTAUTH_SECRET }); | ||
if (!token) { | ||
return NextResponse.redirect(new URL('/auth/signIn', request.url)); | ||
} | ||
|
||
return middleware(request, event, NextResponse.next()); | ||
}; | ||
} | ||
import { chain } from './middlewares/chain'; | ||
import { withNextAuth } from './middlewares/withNextAuth'; | ||
import { withCSRF } from './middlewares/withCSRF'; | ||
|
||
export default chain([withNextAuth, withCSRF]); | ||
|
||
export const config = { | ||
// do not run middleware for paths matching one of following | ||
matcher: [ | ||
'/((?!api|_next/static|_next/image|auth|favicon.ico|robots.txt|images|illustrations|$).*)', | ||
'/((?!api|_next/static|_next/image|auth|favicon.ico|robots.txt|images|illustrations|error|$).*)', | ||
], | ||
}; |
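Review bot: The `matcher` negative lookahead excludes by bare prefix, so the `error` alternative in this section (like the existing `api`, `auth` and `images`) also exempts any route whose path merely begins with that string, for example a later `/errors-report` page, from both `withNextAuth` and `withCSRF`. Anchor the alternatives at a segment boundary, e.g. `'/((?!(?:api|_next/static|_next/image|auth|favicon.ico|robots.txt|images|illustrations|error)(?:/|$)|$).*)'`, and check that `/error` itself is still skipped so the `CsrfError` redirect cannot loop. The comment above `matcher` could also state that every listed prefix, `api` included, is served without the session or CSRF check, so any state-changing handler under those paths has to enforce both itself.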
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
import { NextFetchEvent, NextRequest, NextResponse } from 'next/server'; | ||
|
||
import { CustomMiddleware, MiddlewareFactory } from './middleware'; | ||
|
||
export const chain = (functions: MiddlewareFactory[], index = 0): CustomMiddleware => { | ||
const current = functions[index]; | ||
|
||
if (current) { | ||
const next = chain(functions, index + 1); | ||
return current(next); | ||
} | ||
|
||
return (_request: NextRequest, _event: NextFetchEvent, response: NextResponse) => { | ||
return response; | ||
}; | ||
}; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
import { NextMiddlewareResult } from 'next/dist/server/web/types'; | ||
import { NextFetchEvent, NextRequest, NextResponse } from 'next/server'; | ||
|
||
export type CustomMiddleware = ( | ||
request: NextRequest, | ||
event: NextFetchEvent, | ||
response: NextResponse, | ||
) => NextMiddlewareResult | Promise<NextMiddlewareResult>; | ||
|
||
export type MiddlewareFactory = (middleware: CustomMiddleware) => CustomMiddleware; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
import { createCsrfProtect, CsrfError } from '@edge-csrf/nextjs'; | ||
import { NextFetchEvent, NextRequest, NextResponse } from 'next/server'; | ||
|
||
import { CustomMiddleware } from './middleware'; | ||
|
||
const csrfProtect = createCsrfProtect({ | ||
cookie: { | ||
sameSite: true, | ||
secure: true, | ||
httpOnly: true, | ||
}, | ||
token: { | ||
responseHeader: 'csrf_token', | ||
}, | ||
}); | ||
|
||
export function withCSRF(middleware: CustomMiddleware) { | ||
return async (request: NextRequest, event: NextFetchEvent) => { | ||
const response = NextResponse.next(); | ||
|
||
try { | ||
await csrfProtect(request, response); | ||
} catch (err) { | ||
if (err instanceof CsrfError) { | ||
return NextResponse.redirect(new URL('/error', request.url)); | ||
} | ||
throw err; | ||
} | ||
|
||
return middleware(request, event, response); | ||
}; | ||
} |
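Review bot: In the `CsrfError` branch, `NextResponse.redirect(new URL('/error', request.url))` uses the default 307 status, which tells the browser to repeat the rejected request, method and body included, against `/error`, a path the matcher excludes from this middleware. Pass an explicit status, `NextResponse.redirect(new URL('/error', request.url), 303)`, or return a 403 response, so a failed check ends the request instead of replaying it. The rejection is also silent: logging the request method and pathname before the redirect would let whoever monitors the application see repeated CSRF failures.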
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import { NextFetchEvent, NextRequest, NextResponse } from 'next/server'; | ||
import { getToken } from 'next-auth/jwt'; | ||
|
||
import { CustomMiddleware } from './middleware'; | ||
|
||
export function withNextAuth(middleware: CustomMiddleware) { | ||
return async (request: NextRequest, event: NextFetchEvent) => { | ||
const token = await getToken({ req: request, secret: process.env.NEXTAUTH_SECRET }); | ||
if (!token) { | ||
return NextResponse.redirect(new URL('/auth/signIn', request.url)); | ||
} | ||
|
||
return middleware(request, event, NextResponse.next()); | ||
}; | ||
} |
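Review bot: The returned handler accepts only `(request, event)` and calls `middleware(request, event, NextResponse.next())`, so any response prepared by an earlier link of `chain` is discarded; `withCSRF` does the same with its own `NextResponse.next()`. With the order `[withNextAuth, withCSRF]` shown in the middleware entry file nothing is lost, but placing `withCSRF` first would silently drop the CSRF cookie and `csrf_token` header it had just set. Accept and forward the third argument, `async (request: NextRequest, event: NextFetchEvent, response?: NextResponse) =>` with `return middleware(request, event, response ?? NextResponse.next());`, or add a doc comment on `withNextAuth` saying it must remain the outermost link.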