Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-08-10 02:02:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

refactor(error_handlers): get rid of "any" type in csrf error handler

Browse Source
This commit is contained in:
Panagiotis Papadopoulos 2025-03-08 00:15:46 +01:00
parent 76574f0938
commit 4b6972fb21
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/routes/error_handlers.ts
View File

@ -5,13 +5,20 @@ import ForbiddenError from "../errors/forbidden_error.js";
import HttpError from "../errors/http_error.js";
function register(app: Application) {
app.use((err: any, req: Request, res: Response, next: NextFunction) => {
if (err.code !== "EBADCSRFTOKEN") {
return next(err);
app.use((err: unknown | Error, req: Request, res: Response, next: NextFunction) => {
const isCsrfTokenError = typeof err === "object"
&& err
&& "code" in err
&& err.code === "EBADCSRFTOKEN";
if (isCsrfTokenError) {
log.error(`Invalid CSRF token: ${req.headers["x-csrf-token"]}, secret: ${req.cookies["_csrf"]}`);
return next(new ForbiddenError("Invalid CSRF token"));
}
log.error(`Invalid CSRF token: ${req.headers["x-csrf-token"]}, secret: ${req.cookies["_csrf"]}`);
next(new ForbiddenError("Invalid CSRF token"));
return next(err);
});
// catch 404 and forward to error handler