fix: csrf

rin-yato · Sep 20, 2024 · 9856ebc · 9856ebc
1 parent dd45f3c
commit 9856ebc
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 10 deletions.
diff --git a/apps/api/src/index.ts b/apps/api/src/index.ts
@@ -17,17 +17,17 @@ import { registerHeaderMiddleware } from "./setup/header";
 
 const app = new OpenAPIHono<AppEnv>();
 
-// Register global error handler
-registerGlobalErrorHandler(app);
+// Register headers middleware
+registerHeaderMiddleware(app);
 
 // Register CORS
 registerCors(app);
 
 // Register Timing
 registerTiming(app);
 
-// Register OpenAPI docs
-registerOpenAPI(app);
+// Register global error handler
+registerGlobalErrorHandler(app);
 
 // Register taskers
 registerTasker(app, [new TransactionTasker()]);
@@ -38,8 +38,8 @@ registerAuthMiddleware(app);
 // Register Logger
 registerLogger(app);
 
-// Register headers middleware
-registerHeaderMiddleware(app);
+// Register OpenAPI docs
+registerOpenAPI(app);
 
 // Register modules
 app.route("/", Modules);

diff --git a/apps/api/src/module/checkout/route/v1.create.ts b/apps/api/src/module/checkout/route/v1.create.ts
@@ -4,7 +4,6 @@ import { createRoute, OpenAPIHono, z } from "@hono/zod-openapi";
 import { checkoutRequestSchema, checkoutService } from "@/service/checkout.service";
 import { validateToken } from "@/setup/token.middleware";
 import { userService } from "@/service/user.service";
-import { HTTPException } from "hono/http-exception";
 import { apiError } from "@/lib/error";
 
 export const createCheckoutV1 = new OpenAPIHono<AppEnv>().openapi(

diff --git a/apps/api/src/setup/error.ts b/apps/api/src/setup/error.ts
@@ -12,12 +12,11 @@ export function registerGlobalErrorHandler(app: App) {
       }
     });
 
-    logger.trace(err.stack);
-
     if (err instanceof ApiError) {
       const { status, message, details, name } = err;
 
       logger.error({
+        stack: err.stack,
         status,
         message,
         details,
@@ -34,6 +33,7 @@ export function registerGlobalErrorHandler(app: App) {
 
       logger.error({
         body,
+        stack: err.stack,
         status: res.status,
         message: err.message,
         name: "HTTP_EXCEPTION",
@@ -55,6 +55,7 @@ export function registerGlobalErrorHandler(app: App) {
     }
 
     logger.error({
+      stack: err.stack,
       body,
       status: 500,
       message: err.message,

diff --git a/apps/api/src/setup/header.ts b/apps/api/src/setup/header.ts
@@ -2,7 +2,8 @@ import { csrf } from "hono/csrf";
 import type { App } from "./context";
 import { requestId } from "hono/request-id";
 import { secureHeaders } from "hono/secure-headers";
+import { env } from "@/lib/env";
 
 export function registerHeaderMiddleware(app: App) {
-  app.use(csrf(), requestId(), secureHeaders());
+  app.use(requestId(), secureHeaders(), csrf({ origin: [env.WEB_URL, env.API_URL] }));
 }