sepehr/Keep
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Keep/mcp-server/node_modules/hono/dist/middleware/csrf/index.js
sepehr 8d95f34fcc fix: Add debounced Undo/Redo system to avoid character-by-character history 
- Add debounced state updates for title and content (500ms delay)
- Immediate UI updates with delayed history saving
- Prevent one-letter-per-undo issue
- Add cleanup for debounce timers on unmount
2026-01-04 14:28:11 +01:00

56 lines
2.1 KiB
JavaScript
Raw Blame History

// src/middleware/csrf/index.ts
import { HTTPException } from "../../http-exception.js";
var secFetchSiteValues = ["same-origin", "same-site", "none", "cross-site"];
var isSecFetchSite = (value) => secFetchSiteValues.includes(value);
var isSafeMethodRe = /^(GET|HEAD)$/;
var isRequestedByFormElementRe = /^\b(application\/x-www-form-urlencoded|multipart\/form-data|text\/plain)\b/i;
var csrf = (options) => {
const originHandler = ((optsOrigin) => {
if (!optsOrigin) {
return (origin, c) => origin === new URL(c.req.url).origin;
} else if (typeof optsOrigin === "string") {
return (origin) => origin === optsOrigin;
} else if (typeof optsOrigin === "function") {
return optsOrigin;
} else {
return (origin) => optsOrigin.includes(origin);
}
})(options?.origin);
const isAllowedOrigin = async (origin, c) => {
if (origin === void 0) {
return false;
}
return await originHandler(origin, c);
};
const secFetchSiteHandler = ((optsSecFetchSite) => {
if (!optsSecFetchSite) {
return (secFetchSite) => secFetchSite === "same-origin";
} else if (typeof optsSecFetchSite === "string") {
return (secFetchSite) => secFetchSite === optsSecFetchSite;
} else if (typeof optsSecFetchSite === "function") {
return optsSecFetchSite;
} else {
return (secFetchSite) => optsSecFetchSite.includes(secFetchSite);
}
})(options?.secFetchSite);
const isAllowedSecFetchSite = async (secFetchSite, c) => {
if (secFetchSite === void 0) {
return false;
}
if (!isSecFetchSite(secFetchSite)) {
return false;
}
return await secFetchSiteHandler(secFetchSite, c);
};
return async function csrf2(c, next) {
if (!isSafeMethodRe.test(c.req.method) && isRequestedByFormElementRe.test(c.req.header("content-type") || "text/plain") && !await isAllowedSecFetchSite(c.req.header("sec-fetch-site"), c) && !await isAllowedOrigin(c.req.header("origin"), c)) {
const res = new Response("Forbidden", { status: 403 });
throw new HTTPException(403, { res });
}
await next();
};
};
export {
csrf
};
Reference in New Issue View Git Blame Copy Permalink