
我正在使用 Fastify 适配器将 fastify-csrf 包注册到 NestJS 应用程序中。我只是想向站点的根路径 (/) 发送一个 GET 请求,但它不断给我报错:

[1579681476193] INFO  (5105 on a89d529a4532): incoming request
    reqId: 1
    req: {
      "method": "GET",
      "url": "/",
      "hostname": "localhost:3000",
      "remoteAddress": "172.18.0.1",
      "remotePort": 47274
    }
[Nest] 5105   - 01/22/2020, 8:24:36 AM   [ExceptionsHandler] Cannot read property '_csrf' of undefined +3497ms
TypeError: Cannot read property '_csrf' of undefined
    at getSecret (/home/node/work-dir/dist/main.js:4123:26)
    at Object.handleCsrf (/home/node/work-dir/dist/main.js:4058:16)
    at hookIterator (/home/node/work-dir/node_modules/fastify/lib/hooks.js:124:10)
    at next (/home/node/work-dir/node_modules/fastify/lib/hooks.js:70:20)
    at hookRunner (/home/node/work-dir/node_modules/fastify/lib/hooks.js:84:3)
    at preValidationCallback (/home/node/work-dir/node_modules/fastify/lib/handleRequest.js:92:5)
    at handler (/home/node/work-dir/node_modules/fastify/lib/handleRequest.js:69:5)
    at handleRequest (/home/node/work-dir/node_modules/fastify/lib/handleRequest.js:18:5)
    at onRunMiddlewares (/home/node/work-dir/node_modules/fastify/lib/middleware.js:22:5)
    at Holder.done (/home/node/work-dir/node_modules/middie/middie.js:90:9)
    at xXssProtection (/home/node/work-dir/node_modules/x-xss-protection/dist/index.js:47:13)
    at Holder.done (/home/node/work-dir/node_modules/middie/middie.js:112:11)
    at nosniff (/home/node/work-dir/node_modules/dont-sniff-mimetype/dist/index.js:5:9)
    at Holder.done (/home/node/work-dir/node_modules/middie/middie.js:112:11)
    at ienoopen (/home/node/work-dir/node_modules/ienoopen/dist/index.js:5:9)
    at Holder.done (/home/node/work-dir/node_modules/middie/middie.js:112:11)
[1579681476213] INFO  (5105 on a89d529a4532): request completed
    reqId: 1
    res: {
      "statusCode": 500
    }
    responseTime: 17.487376004457474

这是我的项目的样子:

/*************************
 * app.controller.ts
 *************************/
import { Controller, Get } from '@nestjs/common';

/**
 * Controller with no route prefix; it exposes a single GET handler.
 */
@Controller()
export class AppController {
    /**
     * Handles the GET request and resolves with the fixed string 'test'.
     */
    @Get()
    async getAPI(): Promise<string> {
        const body = 'test';
        return body;
    }
}

/*************************
 * app.module.ts
 *************************/
import { Module }        from '@nestjs/common';
import { AppController } from './app.controller';

/** Root module; its only registration is AppController. */
@Module({
    controllers: [AppController],
})
export class AppModule {}

/*************************
 * main.ts
 *************************/
import { FastifyAdapter, NestFastifyApplication } from '@nestjs/platform-fastify';
import { NestFactory }                            from '@nestjs/core';
import { AppModule }                              from './app.module';

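/**
 * Creates the Nest application on the Fastify adapter, registers the cookie
 * and CSRF plugins, and starts listening on port 3000 on all interfaces.
 */
async function bootstrap() {
    const app = await NestFactory.create<NestFastifyApplication>(
        AppModule,
        new FastifyAdapter({ logger: { prettyPrint: true } }),
    );

    // NOTE(review): the cookie secret is a literal placeholder; outside a minimal
    // reproduction, load it from configuration and keep it out of source control.
    app.register(require('fastify-cookie'), { secret: 'cookieSecret' });
    // The options object must actually reach the plugin. If this argument is
    // undefined (for example a mis-referenced variable), fastify-csrf falls back
    // to session storage and reads request.session, which this app never sets up.
    app.register(require('fastify-csrf'), { cookie: true });

    await app.listen(3000, '0.0.0.0');
}

// Surface startup failures instead of leaving a rejected promise unhandled.
bootstrap().catch((err) => {
    console.error(err);
    process.exit(1);
});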

1 回答 1


显然我没有正确地将cookie设置为true。在以下位置:

// As written in the question: cookie mode is requested with a literal options object.
app.register(require('fastify-csrf'), { cookie: true });

我使用了一个变量,但没有正确调用它,导致它是undefined.

// What the real code did: csrfOptions was referenced incorrectly and evaluated to
// undefined, so no cookie option reached the plugin.
app.register(require('fastify-csrf'), csrfOptions);

在检查包代码时发现,如果 options 对象的 cookie 没有设置为 true 或 {},它将假定传入的是会话(session)配置:

// Cookie settings derived from the plugin's `cookie` option.
// NOTE(review): getCookieOptions is not shown in this excerpt; what it returns for
// an undefined option should be confirmed against the package source. The excerpt
// also reads from both `opts` and `options` — confirm they are the same object.
var cookie = getCookieOptions(opts.cookie);
// Session property under which the CSRF secret is looked up in session mode;
// falls back to '_csrf' when no `key` option is given.
var sessionCsrfKey = options.key || '_csrf';

/* ... */

/**
 * Decides whether the CSRF secret is kept in a cookie rather than in the session.
 *
 * @param {*} cookie - cookie options as resolved by the plugin
 * @returns {boolean} true for any truthy value and for null, false otherwise
 */
function isCookieContainer(cookie) {
    // NOTE(review): the typeof clause only changes the result for null (every other
    // object is already truthy), so null is treated as a cookie container even though
    // getSecret then dereferences cookie.key. Confirm whether that is intended.
    return Boolean(cookie) || typeof cookie === 'object';
}

/**
 * Looks up the CSRF secret for a request, either from the cookie-backed token
 * container or from the session.
 *
 * @param {object} request - incoming request
 * @param {*} cookie - cookie options; decides which store is consulted
 * @returns {*} the stored secret, if any
 */
function getSecret(request, cookie) {
    var store = tokenContainer(request, cookie);
    if (!isCookieContainer(cookie)) {
        // Session mode: nothing here checks that request.session exists, so with no
        // cookie options and no session on the request this read throws the
        // "Cannot read property '_csrf' of undefined" TypeError.
        return request.session[sessionCsrfKey]; // <-- This is where the error occurs.
    }
    return store[cookie.key];
}
于 2020-01-22T10:06:53.743 回答