Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: csrf and session integration using redis #30

Merged
merged 31 commits into from
Jun 9, 2023
Merged

feat: csrf and session integration using redis #30

merged 31 commits into from
Jun 9, 2023

Conversation

jmcdo29
Copy link
Owner

@jmcdo29 jmcdo29 commented Jun 3, 2023
edited
Loading

General idea behind the csrf checker

flowchart TD
    A[Browser] -->|Makes GET /csrf| B{Has active Session}
    B -->|No| C[Create Session]
    B -->|Yes| D{Has Valid CSRF Header}
    D -->|Yes| F[Continue Request]
    D -->|No| E((Error))
    C --> G[Creaet CSRF token]
    G -->|Send CSRF as response| A
Loading

jmcdo29 added 15 commits May 8, 2023 10:28
@jmcdo29
chore: fix name in seed creator
a4634d2
@jmcdo29
chore: better dockerfile habits
4fec975
@jmcdo29
chore: set defaults for nx nestt library
39acee2
@jmcdo29
chore: create csrf library via nx
834ca40
@jmcdo29
chore: update caddy to handle url forwarding
f328839
@jmcdo29
feat: create redis module
491ea45
@jmcdo29
chore: use swc for compilation over tsc
45f921d
@jmcdo29
feat: add nest-cookies for cookie support
4424d62
@jmcdo29
feat: create token creation for csrf
1305f77
@jmcdo29
feat: add redis dep and start session module
1b7c654
@jmcdo29
feat: make token module
31695f1 
ALso have the csrf module use the token module.
Token module is a reusable token generator using the node crypto package
@jmcdo29
chore: snapshot before disk changes
3beab83
@jmcdo29
feat(session): guards for checking session info
b7b77e4
@jmcdo29
feat(csrf): create verify methods and guard for posts
005c450
@jmcdo29
feat(session): create guard for session refresh
bfbe8b5
@nx-cloud
Copy link

nx-cloud bot commented Jun 3, 2023
edited
Loading

☁️ Nx Cloud Report

CI is running/has finished running commands for commit af3108c. As they complete they will appear below. Click to see the status, the terminal output, and the build insights.

📂 See all runs for this branch

✅ Successfully ran 3 targets

Sent with 💌 from NxCloud.

jmcdo29
jmcdo29 commented Jun 5, 2023
View reviewed changes
Copy link
Owner Author

@jmcdo29 jmcdo29 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code, fortunately, looks good and makes sense a few days later! All that's left to do is write some tests around the csrf assignment and what should happen

@jmcdo29 jmcdo29 merged commit 736ae40 into main Jun 9, 2023
@jmcdo29 jmcdo29 deleted the feat/csrf-security branch June 9, 2023 16:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jmcdo29