feat: implement comprehensive CSRF protection

2025-07-11 18:06:51 +02:00
committed by Kaj Kowalski
parent e7818f5e4f
commit 3e9e75e854
44 changed files with 14964 additions and 6413 deletions


@ -1,22 +1,35 @@
import type { NextRequest } from "next/server";
import { NextResponse } from "next/server";
import { authRateLimitMiddleware } from "./middleware/authRateLimit";
import { csrfProtectionMiddleware, csrfTokenMiddleware } from "./middleware/csrfProtection";
export async function middleware(request: NextRequest) {
// Handle CSRF token requests first
const csrfTokenResponse = csrfTokenMiddleware(request);
if (csrfTokenResponse) {
return csrfTokenResponse;
}
export function middleware(request: NextRequest) {
// Apply auth rate limiting
const authRateLimitResponse = authRateLimitMiddleware(request);
if (authRateLimitResponse.status === 429) {
return authRateLimitResponse;
}
// Apply CSRF protection
const csrfResponse = await csrfProtectionMiddleware(request);
if (csrfResponse.status === 403) {
return csrfResponse;
}
return NextResponse.next();
}
// Configure which routes the middleware runs on
export const config = {
matcher: [
// Apply to auth API routes
"/api/auth/:path*",
// Apply to API routes
"/api/:path*",
// Exclude static files and images
"/((?!_next/static|_next/image|favicon.ico).*)",
],