Files
library/api/src/app/plugins/csrf.ts
T
2026-02-04 16:48:08 -08:00

27 lines
689 B
TypeScript

/**
* @copyright 2026 NHCarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
import { FastifyPluginAsync, FastifyRequest } from "fastify";
import fastifyPlugin from "fastify-plugin";
import fastifyCsrf from "@fastify/csrf-protection";
const csrfPlugin: FastifyPluginAsync = async (app) => {
await app.register(fastifyCsrf, {
sessionPlugin: "@fastify/cookie",
cookieOpts: {
path: "/",
httpOnly: true,
secure: process.env.NODE_ENV === "production",
sameSite: "lax",
},
getToken: (request: FastifyRequest) => {
return request.headers["x-csrf-token"] as string;
},
});
};
export default fastifyPlugin(csrfPlugin);