refactor(error_handlers): get rid of "any" type in csrf error handler

src/routes/error_handlers.ts

@@ -5,13 +5,20 @@ import ForbiddenError from "../errors/forbidden_error.js";
 import HttpError from "../errors/http_error.js";
 
 function register(app: Application) {
-    app.use((err: any, req: Request, res: Response, next: NextFunction) => {
+
-        if (err.code !== "EBADCSRFTOKEN") {
+    app.use((err: unknown | Error, req: Request, res: Response, next: NextFunction) => {
-            return next(err);
+
+        const isCsrfTokenError = typeof err === "object"
+            && err
+            && "code" in err
+            && err.code === "EBADCSRFTOKEN";
+
+        if (isCsrfTokenError) {
+            log.error(`Invalid CSRF token: ${req.headers["x-csrf-token"]}, secret: ${req.cookies["_csrf"]}`);
+            return next(new ForbiddenError("Invalid CSRF token"));
         }
 
-        log.error(`Invalid CSRF token: ${req.headers["x-csrf-token"]}, secret: ${req.cookies["_csrf"]}`);
+        return next(err);
-        next(new ForbiddenError("Invalid CSRF token"));
     });
 
     // catch 404 and forward to error handler