def fn(req: Request, res: Response, next):
if not req.path.startswith(public_path):
return next()
filepath = req.path[len(public_path) + 1:]
realpath = os.path.join(os.getcwd(), 'public/static', filepath)
if os.path.isfile(realpath):
_, extname = os.path.splitext(filepath)
res.headers['Content-type'] = mimetypes.types_map[extname]
with open(realpath, 'rb') as f:
res.body = f.read()
else:
res.headers['Content-type'] = 'text/html'
res.body = '<h1>NOT FOUND</h1>'
def error(req: Request, res: Response):
"""
根据 code 返回不同的错误响应
目前只有 404
"""
res.code = 404
res.body = '<h1>NOT FOUND</h1>'
def fn(req: Request, res: Response, next):
# 如果在 cookie 中检查不到 cookie,就进行设置
if req.cookies.get(options['cookie_name'], None) is None:
res.cookies.set(options['cookie_name'], csrf_token)
# 简单请求不需要检查 csrf_token
if req.method in simple_methods:
return next()
log(req.method, req.headers, options['header_name'])
if req.headers.get(options['header_name'], None) != csrf_token:
res.code = 403
res.body = ''
else:
next()
