/*
* Copyright 2014 Red Hat, Inc.
*
* Red Hat licenses this file to you under the Apache License, version 2.0
* (the "License"); you may not use this file except in compliance with the
* License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
/** @module vertx-web-js/csrf_handler */
var utils = require('vertx-js/util/utils');
var Vertx = require('vertx-js/vertx');
var RoutingContext = require('vertx-web-js/routing_context');
var Promise = require('vertx-js/promise');
var io = Packages.io;
var JsonObject = io.vertx.core.json.JsonObject;
var JsonArray = io.vertx.core.json.JsonArray;
var JCSRFHandler = Java.type('io.vertx.ext.web.handler.CSRFHandler');
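/**
 This handler adds a CSRF token to requests which mutate state. In order to change the state, a cookie
 (XSRF-TOKEN by default) is set with a unique token, which is expected to be sent back in a header
 (X-XSRF-TOKEN by default).
 The behavior is to check the request body header and cookie for validity.
 This handler requires session support, so it should be added somewhere below the Session and Body handlers.

 This object is a thin wrapper: each method only checks the number and JavaScript type of its arguments and
 then forwards the call to the Java delegate. Token creation and validation are not implemented in this file.
 @class
 @param j_val the Java CSRFHandler delegate that receives every forwarded call
*/
var CSRFHandler = function(j_val) {
  var j_cSRFHandler = j_val;
  var that = this;

  // Same-named methods already present on `this` before they are overwritten below.
  // Each wrapper falls back to its captured method when the arguments do not match.
  var __super_handle = this.handle;
  var __super_setCookieName = this.setCookieName;
  var __super_setCookiePath = this.setCookiePath;
  var __super_setHeaderName = this.setHeaderName;
  var __super_setNagHttps = this.setNagHttps;
  var __super_setResponseBody = this.setResponseBody;
  var __super_setTimeout = this.setTimeout;

  /**
   Pass a routing context to the Java handler.
   @public
   @param event {RoutingContext} the event to handle
   @throws {TypeError} when the argument is not a single wrapper object carrying a _jdel delegate
   */
  this.handle = function(event) {
    var __args = arguments;
    // typeof null is 'object', so null is excluded explicitly; otherwise reading _jdel would
    // fail with an engine error instead of the documented invalid-arguments TypeError.
    if (__args.length === 1 && typeof __args[0] === 'object' && __args[0] !== null && __args[0]._jdel) {
      j_cSRFHandler["handle(io.vertx.ext.web.RoutingContext)"](event._jdel);
    } else if (typeof __super_handle !== 'undefined') {
      return __super_handle.apply(this, __args);
    } else {
      throw new TypeError('function invoked with invalid arguments');
    }
  };

  /**
   Set the cookie name. By default XSRF-TOKEN is used as it is the expected name by AngularJS however other
   frameworks might use other names.
   Only the argument type is checked here; the value is forwarded unchanged.
   @public
   @param name {string} a new name for the cookie.
   @return {CSRFHandler} fluent
   */
  this.setCookieName = function(name) {
    var __args = arguments;
    if (__args.length === 1 && typeof __args[0] === 'string') {
      j_cSRFHandler["setCookieName(java.lang.String)"](name);
      return that;
    } else if (typeof __super_setCookieName !== 'undefined') {
      return __super_setCookieName.apply(this, __args);
    } else {
      throw new TypeError('function invoked with invalid arguments');
    }
  };

  /**
   Set the cookie path. By default / is used.
   @public
   @param path {string} a new path for the cookie.
   @return {CSRFHandler} fluent
   */
  this.setCookiePath = function(path) {
    var __args = arguments;
    if (__args.length === 1 && typeof __args[0] === 'string') {
      j_cSRFHandler["setCookiePath(java.lang.String)"](path);
      return that;
    } else if (typeof __super_setCookiePath !== 'undefined') {
      return __super_setCookiePath.apply(this, __args);
    } else {
      throw new TypeError('function invoked with invalid arguments');
    }
  };

  /**
   Set the header name. By default X-XSRF-TOKEN is used as it is the expected name by AngularJS however other
   frameworks might use other names.
   @public
   @param name {string} a new name for the header.
   @return {CSRFHandler} fluent
   */
  this.setHeaderName = function(name) {
    var __args = arguments;
    if (__args.length === 1 && typeof __args[0] === 'string') {
      j_cSRFHandler["setHeaderName(java.lang.String)"](name);
      return that;
    } else if (typeof __super_setHeaderName !== 'undefined') {
      return __super_setHeaderName.apply(this, __args);
    } else {
      throw new TypeError('function invoked with invalid arguments');
    }
  };

  /**
   Should the handler give warning messages if this handler is used in other than https protocols?
   As described, the flag only controls warnings; nothing in this wrapper enforces HTTPS.
   @public
   @param nag {boolean} true to nag
   @return {CSRFHandler} fluent
   */
  this.setNagHttps = function(nag) {
    var __args = arguments;
    if (__args.length === 1 && typeof __args[0] === 'boolean') {
      j_cSRFHandler["setNagHttps(boolean)"](nag);
      return that;
    } else if (typeof __super_setNagHttps !== 'undefined') {
      return __super_setNagHttps.apply(this, __args);
    } else {
      throw new TypeError('function invoked with invalid arguments');
    }
  };

  /**
   Set the body returned by the handler when the XSRF token is missing or invalid.
   @public
   @param responseBody {string} the body of the response. If null, no response body will be returned.
   @return {CSRFHandler} fluent
   */
  this.setResponseBody = function(responseBody) {
    var __args = arguments;
    // null is a documented value ("no response body"), so it is forwarded as well as strings.
    // undefined is still rejected.
    if (__args.length === 1 && (typeof __args[0] === 'string' || __args[0] === null)) {
      j_cSRFHandler["setResponseBody(java.lang.String)"](responseBody);
      return that;
    } else if (typeof __super_setResponseBody !== 'undefined') {
      return __super_setResponseBody.apply(this, __args);
    } else {
      throw new TypeError('function invoked with invalid arguments');
    }
  };

  /**
   Set the timeout for tokens generated by the handler, by default it uses the default from the session handler.
   Only the JavaScript type is checked: NaN, Infinity, negative and fractional numbers reach the delegate
   unchanged, and their conversion to a Java long is not visible in this file. Validate the value before calling.
   @public
   @param timeout {number} token timeout
   @return {CSRFHandler} fluent
   */
  this.setTimeout = function(timeout) {
    var __args = arguments;
    if (__args.length === 1 && typeof __args[0] === 'number') {
      j_cSRFHandler["setTimeout(long)"](timeout);
      return that;
    } else if (typeof __super_setTimeout !== 'undefined') {
      return __super_setTimeout.apply(this, __args);
    } else {
      throw new TypeError('function invoked with invalid arguments');
    }
  };

  // A reference to the underlying Java delegate
  // NOTE! This is an internal API and must not be used in user code.
  // If you rely on this property your code is likely to break if we change it / remove it without warning.
  this._jdel = j_cSRFHandler;
};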
// Java class that backs this wrapper, looked up once when the module loads.
CSRFHandler._jclass = utils.getJavaClass("io.vertx.ext.web.handler.CSRFHandler");

// Descriptor for converting between this wrapper and its Java delegate.
// Internal API; presumably consumed by the conversion helpers in utils (not visible in this file).
CSRFHandler._jtype = {
  // True when the wrapper's delegate is an instance of the Java CSRFHandler class.
  accept: function(candidate) {
    var javaClass = CSRFHandler._jclass;
    return javaClass.isInstance(candidate._jdel);
  },

  // Build a wrapper around a Java delegate by running the constructor on a fresh object.
  wrap: function(jdel) {
    var wrapper = Object.create(CSRFHandler.prototype, {});
    CSRFHandler.apply(wrapper, arguments);
    return wrapper;
  },

  // Return the Java delegate held by a wrapper.
  unwrap: function(wrapper) {
    return wrapper._jdel;
  }
};

// Internal factory: same construction as _jtype.wrap, exposed directly on the constructor.
CSRFHandler._create = function(jdel) {
  var instance = Object.create(CSRFHandler.prototype, {});
  CSRFHandler.apply(instance, arguments);
  return instance;
};
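/**
 Instantiate a new CSRF handler with a secret.
 <p>
 <pre>
 // `secret` comes from protected configuration, not from a literal in source
 var handler = CSRFHandler.create(vertx, secret);
 </pre>
 The secret signs the tokens, so anyone who learns it can produce tokens that verify. Use a long random
 value and keep it out of source control and logs. This wrapper only checks that the secret is a string;
 it does not check its length or content.
 @memberof module:vertx-web-js/csrf_handler
 @param vertx {Vertx} Vert.x wrapper whose _jdel delegate is passed to the Java factory
 @param secret {string} server secret to sign the token.
 @return {CSRFHandler}
 @throws {TypeError} unless called with exactly a Vert.x wrapper object and a string
*/
CSRFHandler.create = function(vertx, secret) {
  var __args = arguments;
  // typeof null is 'object', so null is excluded explicitly before _jdel is read.
  var hasVertx = __args.length === 2 && typeof __args[0] === 'object' && __args[0] !== null && __args[0]._jdel;
  if (hasVertx && typeof __args[1] === 'string') {
    return utils.convReturnVertxGen(CSRFHandler, JCSRFHandler["create(io.vertx.core.Vertx,java.lang.String)"](vertx._jdel, secret));
  }
  throw new TypeError('function invoked with invalid arguments');
};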
// Mirror the Java handler's public constants on the JavaScript constructor under the same names.
[
  'ERROR_MESSAGE',
  'DEFAULT_COOKIE_NAME',
  'DEFAULT_COOKIE_PATH',
  'DEFAULT_HEADER_NAME',
  'DEFAULT_RESPONSE_BODY'
].forEach(function(constantName) {
  CSRFHandler[constantName] = JCSRFHandler[constantName];
});

// The constructor, with its static members, is the module's only export.
module.exports = CSRFHandler;