From 84147f60d5ed875bd9b4fb686960657ce2ee52d3 Mon Sep 17 00:00:00 2001
From: Junseo Park
Date: Wed, 17 Feb 2021 15:56:25 +0900
Subject: [PATCH] feat: added csrf process functions
---
 utils/Csrf.ts | 39 +++++++++++++++++++++++++++++++++++----
 1 file changed, 35 insertions(+), 4 deletions(-)
diff --git a/utils/Csrf.ts b/utils/Csrf.ts
index b8fb15b..6b65587 100644
--- a/utils/Csrf.ts
+++ b/utils/Csrf.ts
@@ -1,7 +1,38 @@
-import csrf from 'csurf'
-import { CsrfRequestMessage } from '@types'
+import { parse, serialize } from 'cookie'
+import csrf from 'csrf'
+import { IncomingMessage, ServerResponse } from 'http'
+import { NextApiRequest, NextApiResponse } from 'next'
+import ResponseWrapper from './ResponseWrapper'
-const csrfProtection = (csrf({ cookie: true }) as unknown as CsrfRequestMessage)
+const csrfKey = '_csrf'
-export default csrfProtection
\ No newline at end of file
+const Token = new csrf()
+
+export const tokenCreate = ():string => Token.create(process.env.CSRF_SECRET)
+
+export const tokenVerify = (token: string):boolean => Token.verify(process.env.CSRF_SECRET, token)
+
+export const getToken = (req: IncomingMessage, res: ServerResponse) => {
+ const parsed = parse(req.headers.cookie || '')
+ let key:string = parsed[csrfKey]
+ if(!key || !tokenVerify(key)) {
+ key = tokenCreate()
+ res.setHeader('set-cookie', serialize(csrfKey, key, {
+ expires: new Date(+new Date() + 24 * 60 * 60 * 1000),
+ httpOnly: true,
+ path: '/'
+ }))
+ }
+
+ return key
+}
+
+export const checkToken = (req: NextApiRequest, res: NextApiResponse, token: string): boolean => {
+ const parsed = parse(req.headers.cookie || '')
+ console.log(parsed[csrfKey], token)
+ if(parsed[csrfKey] !== token || !tokenVerify(token)) {
+ ResponseWrapper(res, { code: 400, message: 'CSRF 검증 에러' })
+ return false
+ } else return true
+}
\ No newline at end of file
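Review bot: `checkToken` logs both the cookie value and the submitted token with `console.log(parsed[csrfKey], token)`, which writes live CSRF tokens into server logs on every checked request; that line should be removed before merge. In `getToken` the cookie is serialized with only `expires`, `httpOnly` and `path`, so it would help to add `sameSite: 'lax'` and `secure: process.env.NODE_ENV === 'production'` to the options. Both `tokenCreate` and `tokenVerify` pass `process.env.CSRF_SECRET` straight through, so an unset variable only surfaces at request time; a check at module load that throws when it is missing would fail earlier and more visibly. Because every token is derived from that one shared secret and nothing visible here ties it to a session, the cookie-versus-parameter equality test in `checkToken` is what carries the protection, which is worth stating in a comment above that comparison.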