feat: security and auditing
@@ -0,0 +1,26 @@
|
||||
/**
|
||||
* @copyright 2026 NHCarrigan
|
||||
* @license Naomi's Public License
|
||||
* @author Naomi Carrigan
|
||||
*/
|
||||
|
||||
import { FastifyPluginAsync, FastifyRequest } from "fastify";
|
||||
import fastifyPlugin from "fastify-plugin";
|
||||
import fastifyCsrf from "@fastify/csrf-protection";
|
||||
|
||||
const csrfPlugin: FastifyPluginAsync = async (app) => {
|
||||
await app.register(fastifyCsrf, {
|
||||
sessionPlugin: "@fastify/cookie",
|
||||
cookieOpts: {
|
||||
path: "/",
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === "production",
|
||||
sameSite: "lax",
|
||||
},
|
||||
getToken: (request: FastifyRequest) => {
|
||||
return request.headers["x-csrf-token"] as string;
|
||||
},
|
||||
});
|
||||
};
|
||||
|
||||
export default fastifyPlugin(csrfPlugin);
|
||||
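Review bot: The `cookieOpts` block stores the CSRF secret in an unsigned cookie, so a secret cookie planted by any other origin able to set cookies for this domain (for example a sibling subdomain) would be accepted as genuine; adding `signed: true` to `cookieOpts` closes that, provided @fastify/cookie is registered with a `secret` elsewhere, which this file does not show. `secure: process.env.NODE_ENV === "production"` also fails open when NODE_ENV is unset or misspelled in a deployment, whereas `secure: process.env.NODE_ENV !== "development"` would default to the safe value. In `getToken`, the `as string` cast hides that the header can be absent or an array, so a `typeof token === "string"` check before returning it would keep the declared type honest. Registering the plugin presumably does not protect any route by itself; the state-changing routes still need a hook such as `onRequest: app.csrfProtection`, and a short comment above the `register` call saying so would help, since those routes are outside this file.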