feat(auth): Add optional CSRF protection (#697)

* fix(auth): Missing CSRF middleware Resolves LGTM alert/error for query js/missing-token-validation More info: https://lgtm.com/rules/1506064038914/
2021-01-24 21:27:57 -05:00
parent 4b0241c3b3
commit 6e2589178b
7 changed files with 98 additions and 3 deletions
--- a/package.json
+++ b/package.json
@@ -26,6 +26,7 @@
    "bowser": "^2.11.0",
    "connect-typeorm": "^1.1.4",
    "cookie-parser": "^1.4.5",
+    "csurf": "^1.11.0",
    "email-templates": "^8.0.3",
    "express": "^4.17.1",
    "express-openapi-validator": "^4.10.8",
@@ -79,6 +80,7 @@
    "@types/bcrypt": "^3.0.0",
    "@types/body-parser": "^1.19.0",
    "@types/cookie-parser": "^1.4.2",
+    "@types/csurf": "^1.11.0",
    "@types/email-templates": "^8.0.0",
    "@types/express": "^4.17.11",
    "@types/express-session": "^1.17.0",