Merge pull request #1 from JesusAlexV/add-waf

Add waf
narskidan · May 11, 2022 · 16ddc65 · 16ddc65
2 parents f3848be + a09954c
commit 16ddc65
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 0 deletions.
diff --git a/tsconfig.json b/tsconfig.json
@@ -0,0 +1,14 @@
+{
+    "compilerOptions": {
+        "jsx": "react",
+        "jsxFactory": "h",
+        "checkJs": false,
+        "lib": [
+        "dom",
+        "dom.iterable",
+        "dom.asynciterable",
+        "deno.ns",
+        "deno.unstable"
+        ]
+    }
+}
diff --git a/waf.tsx b/waf.tsx
@@ -0,0 +1,37 @@
+// @ts-nocheck
+
+interface WafParameter {
+  name: string;
+  disallowTags?: boolean;
+}
+
+interface WafConfig {
+  parameters?: WafParameter[];
+}
+
+const getParam = (url, param) => {
+  const { searchParams: query } = new URL(url);
+  return query.get(param);
+}
+
+const waf: Function = (config: WafConfig) => async (ctx: any, next: any): Promise<void> => {
+  // Validate parameters
+  if (!config.parameters) {
+    config.parameters = [];
+  }
+  for (const parameter of config.parameters) {
+    let paramValue = getParam(ctx.request.url, parameter.name);
+    if (paramValue) {
+        paramValue = paramValue.toLowerCase();
+      if (parameter.disallowTags) {
+        if (paramValue.includes('<')) {
+          ctx.response.body = 'Web Application Firewall: Your name cannot contain HTML tags';
+          return;
+        }
+      }
+    }
+  }
+  await next();
+}
+
+export default waf;