admin/test
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Erster Docker-Stand

Browse Source
This commit is contained in:
Ali
2026-02-20 16:06:40 +09:00
commit f31e2e8ed3
8818 changed files with 1605323 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
_node_modules/hono/dist/middleware/csrf/index.js generated vendored Normal file
View File

@@ -0,0 +1,55 @@
// src/middleware/csrf/index.ts
import { HTTPException } from "../../http-exception.js";
var secFetchSiteValues = ["same-origin", "same-site", "none", "cross-site"];
var isSecFetchSite = (value) => secFetchSiteValues.includes(value);
var isSafeMethodRe = /^(GET|HEAD)$/;
var isRequestedByFormElementRe = /^\b(application\/x-www-form-urlencoded|multipart\/form-data|text\/plain)\b/i;
var csrf = (options) => {
const originHandler = ((optsOrigin) => {
if (!optsOrigin) {
return (origin, c) => origin === new URL(c.req.url).origin;
} else if (typeof optsOrigin === "string") {
return (origin) => origin === optsOrigin;
} else if (typeof optsOrigin === "function") {
return optsOrigin;
} else {
return (origin) => optsOrigin.includes(origin);
}
})(options?.origin);
const isAllowedOrigin = async (origin, c) => {
if (origin === void 0) {
return false;
}
return await originHandler(origin, c);
};
const secFetchSiteHandler = ((optsSecFetchSite) => {
if (!optsSecFetchSite) {
return (secFetchSite) => secFetchSite === "same-origin";
} else if (typeof optsSecFetchSite === "string") {
return (secFetchSite) => secFetchSite === optsSecFetchSite;
} else if (typeof optsSecFetchSite === "function") {
return optsSecFetchSite;
} else {
return (secFetchSite) => optsSecFetchSite.includes(secFetchSite);
}
})(options?.secFetchSite);
const isAllowedSecFetchSite = async (secFetchSite, c) => {
if (secFetchSite === void 0) {
return false;
}
if (!isSecFetchSite(secFetchSite)) {
return false;
}
return await secFetchSiteHandler(secFetchSite, c);
};
return async function csrf2(c, next) {
if (!isSafeMethodRe.test(c.req.method) && isRequestedByFormElementRe.test(c.req.header("content-type") || "text/plain") && !await isAllowedSecFetchSite(c.req.header("sec-fetch-site"), c) && !await isAllowedOrigin(c.req.header("origin"), c)) {
const res = new Response("Forbidden", { status: 403 });
throw new HTTPException(403, { res });
}
await next();
};
};
export {
csrf
};