moon
/
sync
mirror of https://github.com/calzoneman/sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix

This commit is contained in:
calzoneman 2015-02-24 10:48:51 -06:00
parent 6ab609db71
commit a0b7bff70c
2 changed files with 23 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
lib/web/csrf.js
View File

@ -7,25 +7,31 @@ var createError = require("http-errors");
var tokens = csrf();
exports.init = function csrfInit(req, res, next) {
var secret = req.signedCookies._csrf;
if (!secret) {
secret = tokens.secretSync();
res.cookie("_csrf", secret, { signed: true, httpOnly: true });
}
var token;
req.csrfToken = function csrfToken() {
if (token) {
return token;
exports.init = function csrfInit (domain) {
return function (req, res, next) {
var secret = req.signedCookies._csrf;
if (!secret) {
secret = tokens.secretSync();
res.cookie("_csrf", secret, {
domain: domain,
signed: true,
httpOnly: true
});
}
token = tokens.create(secret);
return token;
};
var token;
next();
req.csrfToken = function csrfToken() {
if (token) {
return token;
}
token = tokens.create(secret);
return token;
};
next();
};
};
exports.verify = function csrfVerify(req) {

2
lib/web/webserver.js
View File

@ -191,7 +191,7 @@ module.exports = {
Logger.errlog.log("YOU SHOULD CHANGE THE VALUE OF cookie-secret IN config.yaml");
}
app.use(cookieParser(Config.get("http.cookie-secret")));
app.use(csrf.init);
app.use(csrf.init(Config.get("http.root-domain-dotted")));
app.use(morgan(LOG_FORMAT, {
stream: require("fs").createWriteStream(path.join(__dirname, "..", "..",
"http.log"), {