From 9856ebc1b2cb0006e98620c9fa6630ff3e04a530 Mon Sep 17 00:00:00 2001
From: RinYato
Date: Fri, 20 Sep 2024 22:49:53 +0700
Subject: [PATCH] fix: csrf
---
 apps/api/src/index.ts | 12 ++++++------
 apps/api/src/module/checkout/route/v1.create.ts | 1 -
 apps/api/src/setup/error.ts | 5 +++--
 apps/api/src/setup/header.ts | 3 ++-
 4 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/apps/api/src/index.ts b/apps/api/src/index.ts
index 7348ce7..91ae386 100644
--- a/apps/api/src/index.ts
+++ b/apps/api/src/index.ts
@@ -17,8 +17,8 @@ import { registerHeaderMiddleware } from "./setup/header";
 const app = new OpenAPIHono();
-// Register global error handler
-registerGlobalErrorHandler(app);
+// Register headers middleware
+registerHeaderMiddleware(app);
 // Register CORS
 registerCors(app);
@@ -26,8 +26,8 @@ registerCors(app);
 // Register Timing
 registerTiming(app);
-// Register OpenAPI docs
-registerOpenAPI(app);
+// Register global error handler
+registerGlobalErrorHandler(app);
 // Register taskers
 registerTasker(app, [new TransactionTasker()]);
@@ -38,8 +38,8 @@ registerAuthMiddleware(app);
 // Register Logger
 registerLogger(app);
-// Register headers middleware
-registerHeaderMiddleware(app);
+// Register OpenAPI docs
+registerOpenAPI(app);
 // Register modules
 app.route("/", Modules);
diff --git a/apps/api/src/module/checkout/route/v1.create.ts b/apps/api/src/module/checkout/route/v1.create.ts
index 6bccb97..f62ff26 100644
--- a/apps/api/src/module/checkout/route/v1.create.ts
+++ b/apps/api/src/module/checkout/route/v1.create.ts
@@ -4,7 +4,6 @@ import { createRoute, OpenAPIHono, z } from "@hono/zod-openapi";
 import { checkoutRequestSchema, checkoutService } from "@/service/checkout.service";
 import { validateToken } from "@/setup/token.middleware";
 import { userService } from "@/service/user.service";
-import { HTTPException } from "hono/http-exception";
 import { apiError } from "@/lib/error";
 export const createCheckoutV1 = new OpenAPIHono().openapi(
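Review bot: The registration order in index.ts now decides which requests the CSRF check sees, but no comment in the hunk says so. `registerHeaderMiddleware(app)` moves ahead of `registerCors(app)` here, and the later hunks (@@ -26 and @@ -38) move the error handler and `registerOpenAPI(app)` too. Assuming each `register*` helper calls `app.use` without a path, Hono runs them in registration order, so the origin check now runs before CORS and auth, and the OpenAPI docs route now sits behind `registerAuthMiddleware`. I would record the intent in the comment, e.g. `// Register headers middleware first: request id and CSRF origin check must run before CORS, auth and routes`, and confirm the docs endpoint is meant to be behind auth.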
diff --git a/apps/api/src/setup/error.ts b/apps/api/src/setup/error.ts
index 07d8efa..132f662 100644
--- a/apps/api/src/setup/error.ts
+++ b/apps/api/src/setup/error.ts
@@ -12,12 +12,11 @@ export function registerGlobalErrorHandler(app: App) {
 }
 });
- logger.trace(err.stack);
-
 if (err instanceof ApiError) {
 const { status, message, details, name } = err;
 logger.error({
+ stack: err.stack,
 status,
 message,
 details,
@@ -34,6 +33,7 @@ export function registerGlobalErrorHandler(app: App) {
 logger.error({
 body,
+ stack: err.stack,
 status: res.status,
 message: err.message,
 name: "HTTP_EXCEPTION",
@@ -55,6 +55,7 @@ export function registerGlobalErrorHandler(app: App) {
 }
 logger.error({
+ stack: err.stack,
 body,
 status: 500,
 message: err.message,
diff --git a/apps/api/src/setup/header.ts b/apps/api/src/setup/header.ts
index 9239278..70a13ff 100644
--- a/apps/api/src/setup/header.ts
+++ b/apps/api/src/setup/header.ts
@@ -2,7 +2,8 @@ import { csrf } from "hono/csrf";
 import type { App } from "./context";
 import { requestId } from "hono/request-id";
 import { secureHeaders } from "hono/secure-headers";
+import { env } from "@/lib/env";
 export function registerHeaderMiddleware(app: App) {
- app.use(csrf(), requestId(), secureHeaders());
+ app.use(requestId(), secureHeaders(), csrf({ origin: [env.WEB_URL, env.API_URL] }));
 }
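Review bot: `stack: err.stack` is now written at error level for every `ApiError`, including expected client errors, where it previously went only to `logger.trace`. The same field is added in the HTTP_EXCEPTION branch (@@ -34) and the 500 branch (@@ -55), where it sits next to the logged request `body`. For the first two branches I would keep the stack for server-side failures only, e.g. `stack: status >= 500 ? err.stack : undefined,` (assuming `status` is numeric), so a burst of rejected requests such as CSRF 403s does not flood the error log with traces. The enclosing handler starts and ends outside these hunks, so whether `stack` can reach the response body cannot be checked from here; a short comment saying it is log-only would help.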
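Review bot: `env.WEB_URL` and `env.API_URL` are passed to `csrf()` unmodified, and as far as I know hono/csrf compares the request's `Origin` header against the list by exact string match. An `Origin` value is scheme, host and port only, so a configured URL with a trailing slash or a path would never match and every form-encoded POST would get a 403. Normalising at registration avoids that: `csrf({ origin: [env.WEB_URL, env.API_URL].map((u) => new URL(u).origin) })`. It is also worth a comment that this middleware only inspects non-GET/HEAD requests with form-like content types, so JSON endpoints still depend on the CORS policy and the auth scheme for cross-site protection.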