【问题标题】:"Cannot read property '_csrf' of undefined" when using NestJS with Fastify adapter and "fastify-csrf" plugin?使用带有 Fastify 适配器和“fastify-csrf”插件的 NestJS 时,“无法读取未定义的属性 '_csrf'”?
【发布时间】:2020-05-08 09:03:51
【问题描述】:

我正在使用 Fastify 适配器将 fastify-csrf 包注册到 NestJS 应用程序。我只是想向站点的根 (/) 发送一个 GET 请求。它一直给我错误:

[1579681476193] INFO  (5105 on a89d529a4532): incoming request
    reqId: 1
    req: {
      "method": "GET",
      "url": "/",
      "hostname": "localhost:3000",
      "remoteAddress": "172.18.0.1",
      "remotePort": 47274
    }
[Nest] 5105   - 01/22/2020, 8:24:36 AM   [ExceptionsHandler] Cannot read property '_csrf' of undefined +3497ms
TypeError: Cannot read property '_csrf' of undefined
    at getSecret (/home/node/work-dir/dist/main.js:4123:26)
    at Object.handleCsrf (/home/node/work-dir/dist/main.js:4058:16)
    at hookIterator (/home/node/work-dir/node_modules/fastify/lib/hooks.js:124:10)
    at next (/home/node/work-dir/node_modules/fastify/lib/hooks.js:70:20)
    at hookRunner (/home/node/work-dir/node_modules/fastify/lib/hooks.js:84:3)
    at preValidationCallback (/home/node/work-dir/node_modules/fastify/lib/handleRequest.js:92:5)
    at handler (/home/node/work-dir/node_modules/fastify/lib/handleRequest.js:69:5)
    at handleRequest (/home/node/work-dir/node_modules/fastify/lib/handleRequest.js:18:5)
    at onRunMiddlewares (/home/node/work-dir/node_modules/fastify/lib/middleware.js:22:5)
    at Holder.done (/home/node/work-dir/node_modules/middie/middie.js:90:9)
    at xXssProtection (/home/node/work-dir/node_modules/x-xss-protection/dist/index.js:47:13)
    at Holder.done (/home/node/work-dir/node_modules/middie/middie.js:112:11)
    at nosniff (/home/node/work-dir/node_modules/dont-sniff-mimetype/dist/index.js:5:9)
    at Holder.done (/home/node/work-dir/node_modules/middie/middie.js:112:11)
    at ienoopen (/home/node/work-dir/node_modules/ienoopen/dist/index.js:5:9)
    at Holder.done (/home/node/work-dir/node_modules/middie/middie.js:112:11)
[1579681476213] INFO  (5105 on a89d529a4532): request completed
    reqId: 1
    res: {
      "statusCode": 500
    }
    responseTime: 17.487376004457474

这是我的项目的样子:

/*************************
 * app.controller.ts
 *************************/
import { Controller, Get } from '@nestjs/common';

@Controller()
export class AppController {
    @Get()
    async getAPI(): Promise<string> {
        return 'test';
    }
}

/*************************
 * app.module.ts
 *************************/
import { Module }        from '@nestjs/common';
import { AppController } from './app.controller';

@Module({ controllers: [AppController]})
export class AppModule {}

/*************************
 * main.ts
 *************************/
import { FastifyAdapter, NestFastifyApplication } from '@nestjs/platform-fastify';
import { NestFactory }                            from '@nestjs/core';
import { AppModule }                              from './app.module';

async function bootstrap() {
    const app = await NestFactory.create<NestFastifyApplication>(
        AppModule,
        new FastifyAdapter({ logger: { prettyPrint: true } }),
    );

    app.register(require('fastify-cookie'), { secret: 'cookieSecret' });
    app.register(require('fastify-csrf'), { cookie: true });

    await app.listen(3000, '0.0.0.0');
}
bootstrap();

【问题讨论】:

    标签: csrf nestjs fastify


    【解决方案1】:

    显然我没有正确地将 cookie 设置为 true。代替以下内容:

    app.register(require('fastify-csrf'), { cookie: true });
    

    我使用了一个变量,但没有正确调用它,导致它是undefined

    app.register(require('fastify-csrf'), csrfOptions);
    

    在检查包代码时,如果options 对象中的cookie 未设置为true{},它将假定会话配置已通过:

    var cookie = getCookieOptions(opts.cookie);
    var sessionCsrfKey = options.key || '_csrf';
    
    /* ... */
    
    function isCookieContainer(cookie) {
        if(cookie || typeof cookie === 'object') {
            return true;
        } 
        return false;
    }
    
    function getSecret(request, cookie) {
        var container = tokenContainer(request, cookie);
        if(isCookieContainer(cookie)) {
            return container[cookie.key];
        } else {
            return request.session[sessionCsrfKey]; // <-- This is where the error occurs.
        }
    }
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2021-11-20
      • 2021-10-12
      • 2018-08-31
      • 2021-08-02
      • 2021-05-03
      • 2020-12-22
      • 2021-02-27
      • 2021-10-30
      相关资源
      最近更新 更多