damanukyan/cryptowallet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add csrf

Browse Source
This commit is contained in:
Daniil Manukian
2026-04-19 11:32:47 +03:00
parent 17855ecd87
commit 517df542e1
9 changed files with 4827 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
apps/api/src/config/env.ts
View File

@@ -35,6 +35,7 @@ export let env = {
secretPath: p.VAULT_SECRET_PATH || 'database',
jwtKidPath: p.VAULT_JWT_KID_PATH || 'jwt/kid',
jwtKidsPrefix: p.VAULT_JWT_KIDS_PREFIX || 'jwt/kids',
csrfSecretPath: p.VAULT_CSRF_SECRET_PATH || 'cryptowallet/csrf',
},
csrf: {
cookieSecure: p.CSRF_COOKIE_SECURE === 'true',
@@ -110,6 +111,13 @@ export async function initEnv(): Promise<void> {
logger.info('Loaded DB secrets from Vault');
const maybeCsrf = secrets.CSRF_SECRET_KEY;
if (maybeCsrf && maybeCsrf.length >= 32) {
const mod = await import('../services/csrf.service');
mod.setCsrfSigningKey(maybeCsrf);
logger.info('CSRF signing key loaded from Vault (primary secret)');
}
const s = (key: string) => secrets[key];
const si = (key: string, fallback: number) => {
const v = secrets[key];