From 4b6972fb2181db41e6f4e75869b83dddebbaa1d2 Mon Sep 17 00:00:00 2001
From: Panagiotis Papadopoulos <pano_90@gmx.net>
Date: Sat, 8 Mar 2025 00:15:46 +0100
Subject: [PATCH] refactor(error_handlers): get rid of "any" type in csrf error
 handler

---
 src/routes/error_handlers.ts | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/routes/error_handlers.ts b/src/routes/error_handlers.ts
index 6a4ee714b..05b05f6a4 100644
--- a/src/routes/error_handlers.ts
+++ b/src/routes/error_handlers.ts
@@ -5,13 +5,20 @@ import ForbiddenError from "../errors/forbidden_error.js";
 import HttpError from "../errors/http_error.js";
 
 function register(app: Application) {
-    app.use((err: any, req: Request, res: Response, next: NextFunction) => {
-        if (err.code !== "EBADCSRFTOKEN") {
-            return next(err);
+
+    app.use((err: unknown | Error, req: Request, res: Response, next: NextFunction) => {
+
+        const isCsrfTokenError = typeof err === "object"
+            && err
+            && "code" in err
+            && err.code === "EBADCSRFTOKEN";
+
+        if (isCsrfTokenError) {
+            log.error(`Invalid CSRF token: ${req.headers["x-csrf-token"]}, secret: ${req.cookies["_csrf"]}`);
+            return next(new ForbiddenError("Invalid CSRF token"));
         }
 
-        log.error(`Invalid CSRF token: ${req.headers["x-csrf-token"]}, secret: ${req.cookies["_csrf"]}`);
-        next(new ForbiddenError("Invalid CSRF token"));
+        return next(err);
     });
 
     // catch 404 and forward to error handler