middleware static method
Implementation
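/// Rejects a request with `403 Forbidden` unless its CSRF token matches the
/// token bound to the session.
///
/// Requests for which `_isReading` returns true are passed straight to
/// [next] without a token check (presumably safe, read-only methods;
/// confirm against `_isReading`). For every other request the token from
/// `_getToken` must be present, non-empty and equal to the token from
/// `_getSessionToken`.
///
/// Returns whatever [next] returns when the check passes, or the closed
/// [HttpResponse] when the request is rejected.
static Future<dynamic> middleware(HttpRequest request, void Function() next) async {
  if (_isReading(request)) {
    return next();
  }

  // Compares two tokens without stopping at the first differing code unit,
  // so the time taken does not depend on how many leading characters of a
  // guessed token are correct.
  bool tokensMatch(String submitted, String expected) {
    final a = submitted.codeUnits;
    final b = expected.codeUnits;
    if (a.length != b.length) return false;
    var diff = 0;
    for (var i = 0; i < a.length; i++) {
      diff |= a[i] ^ b[i];
    }
    return diff == 0;
  }

  final token = await _getToken(request);
  final sessionToken = await _getSessionToken(request);

  // NOTE(review): assumes both helpers yield `String?`; confirm. A missing,
  // non-string or empty value on either side is rejected, so an empty
  // submitted token can never match an empty or uninitialised session token.
  final valid = token is String &&
      sessionToken is String &&
      token.isNotEmpty &&
      tokensMatch(token, sessionToken);
  if (valid) {
    return next();
  }

  // When debugging a rejection, log only the request method and URI. The
  // submitted token, the session token and cookie values are secrets and
  // must not be written to logs or stdout.
  return request.response
    ..statusCode = HttpStatus.forbidden
    ..write("403 Forbidden: Invalid CSRF Token")
    ..close();
}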