Can we move web, api and bull into this repo #373

Closed
phumberdroz opened this issue Dec 19, 2019 · 1 comment

@phumberdroz

Like the title suggests, I would love for us to include these files in the repo. Currently I see myself reimplementing a lot of stuff; for a simple 3-line change I have to include this:

const web = new Web({
// ....
  csrf: false,
});
if (process.env.NODE_ENV !== 'test') {
  const csrf = new CSRF({
    ...config.csrf,
    invalidTokenMessage: ctx => ctx.request.t('Invalid CSRF token')
  });

  web.app.use(async (ctx, next) => {
    try {
      if(ctx.request.url === '/wcendpoint') {
        await next();
      } else {
        await csrf(ctx, next);
      }
    } catch (err) {
      let e = err;
      if (err.name && err.name === 'ForbiddenError') {
        e = Boom.forbidden(err.message);
        if (err.stack) e.stack = err.stack;
      }
      ctx.throw(e);
    }
  });
}

Just so I do not need a CSRF token for a single endpoint since this request is expected to be Cross Origin.

There are a couple more issues I encountered where I wish this were handled differently.

@niftylettuce
Collaborator

Upgrade to v0.4.12 of @ladjs/web and then implement the following change:

const web = new Web({
// ....
+  csrfIgnoredGlobs: [ '/wcendpoint' ]
-  csrf: false,
});
-if (process.env.NODE_ENV !== 'test') {
-  const csrf = new CSRF({
-    ...config.csrf,
-    invalidTokenMessage: ctx => ctx.request.t('Invalid CSRF token')
-  });
-
-  web.app.use(async (ctx, next) => {
-    try {
-      if(ctx.request.url === '/wcendpoint') {
-        await next();
-      } else {
-        await csrf(ctx, next);
-      }
-    } catch (err) {
-      let e = err;
-      if (err.name && err.name === 'ForbiddenError') {
-        e = Boom.forbidden(err.message);
-        if (err.stack) e.stack = err.stack;
-      }
-      ctx.throw(e);
-    }
-  });
-}
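
Review bot: In the `new Web({ ... })` options, `csrfIgnoredGlobs: [ '/wcendpoint' ]` switches token checking off for that route entirely, so the handler behind `/wcendpoint` should authenticate the cross-origin caller some other way (for example a shared secret or a request signature), and the glob should stay as narrow as this exact path. The removed block also skipped CSRF when `NODE_ENV` was `'test'` and re-wrapped `ForbiddenError` as `Boom.forbidden`; neither is visible in the replacement, so confirm that @ladjs/web v0.4.12 covers both before deleting them.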

I have added a csrfIgnoredGlobs (Array) option.

Note you can use wildcards and glob patterns, e.g. /wcendpoint, /wcendpoint/**/*, /wcendpoint/*, /foo/**/bar, ...
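
How a glob-based CSRF exemption such as `csrfIgnoredGlobs` can be expected to behave for the patterns listed above, as an added example that is not part of the thread and not @ladjs/web's implementation. `globToRegExp`, `csrfUnless`, the simplified glob rules and the stub CSRF check are assumptions made for illustration.

```javascript
// Added example (not @ladjs/web code); globToRegExp and csrfUnless are hypothetical.
// Simplified glob rules: `**/` spans zero or more segments, `*` stays in one segment.
function globToRegExp(glob) {
  const body = glob
    .split(/(\*\*\/?|\*)/)
    .map((part) => {
      if (part === '**/') return '(?:.*/)?';
      if (part === '**') return '.*';
      if (part === '*') return '[^/]+';
      return part.replace(/[.+?^${}()|[\]\\]/g, '\\$&'); // escape literal text
    })
    .join('');
  return new RegExp(`^${body}$`); // anchored: no prefix or suffix matches
}

// Wrap a CSRF middleware so that only exempt paths skip it.
function csrfUnless(globs, csrf) {
  const exempt = globs.map(globToRegExp);
  return async (ctx, next) => {
    const path = ctx.path; // path without the query string
    // Never exempt dot segments or encoded separators, which a router or
    // proxy may resolve to a different route than the one the glob names.
    const ambiguous = /(^|\/)\.\.?(\/|$)|%2f|%5c|\\/i.test(path);
    if (!ambiguous && exempt.some((re) => re.test(path))) return next();
    return csrf(ctx, next);
  };
}

// Constructed requests: minimal ctx stand-ins, and a stub CSRF check that
// rejects every request because none of them carries a token.
async function demo(globs) {
  const csrf = async () => {
    throw Object.assign(new Error('Invalid CSRF token'), { name: 'ForbiddenError' });
  };
  const mw = csrfUnless(globs, csrf);
  const paths = ['/wcendpoint', '/wcendpoint/a', '/wcendpoint/a/b',
    '/wcendpoint/../account', '/account'];
  const outcome = {};
  for (const path of paths) {
    outcome[path] = await mw({ path }, async () => 'exempt').catch(() => 'csrf-checked');
  }
  return outcome;
}

demo(['/wcendpoint/**/*']).then((outcome) => console.log(outcome));
```

With `['/wcendpoint']` only the exact path is exempt; `/wcendpoint/**/*` exempts everything below it but not `/wcendpoint` itself, which is why the narrowest pattern that covers the cross-origin endpoint is the one to list.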
