calzoneman 2015-02-24 10:48:51 -06:00
parent 6ab609db71
commit a0b7bff70c
2 changed files with 23 additions and 17 deletions


@ -7,25 +7,31 @@ var createError = require("http-errors");
var tokens = csrf(); var tokens = csrf();
exports.init = function csrfInit(req, res, next) { exports.init = function csrfInit (domain) {
var secret = req.signedCookies._csrf; return function (req, res, next) {
if (!secret) { var secret = req.signedCookies._csrf;
secret = tokens.secretSync(); if (!secret) {
res.cookie("_csrf", secret, { signed: true, httpOnly: true }); secret = tokens.secretSync();
} res.cookie("_csrf", secret, {
domain: domain,
var token; signed: true,
httpOnly: true
req.csrfToken = function csrfToken() { });
if (token) {
return token;
} }
token = tokens.create(secret); var token;
return token;
};
next(); req.csrfToken = function csrfToken() {
if (token) {
return token;
}
token = tokens.create(secret);
return token;
};
next();
};
}; };
exports.verify = function csrfVerify(req) { exports.verify = function csrfVerify(req) {
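Review bot: The `_csrf` cookie written by the `res.cookie` call in `csrfInit` is now scoped to `domain` but still carries no `secure` attribute, and the wider scope means every host under that domain receives the secret and can set a cookie of the same name. The signature protects the value's integrity, but nothing visible in this hunk binds the secret to one host, so all subdomains are inside the CSRF trust boundary; a comment above the factory such as `// domain: cookie Domain attribute; every host under it shares the CSRF secret` would record that. If the site is served over HTTPS, adding `secure: true` to the options would keep the secret off plaintext requests. Browsers that already hold a host-only `_csrf` from before this change skip the `!secret` branch and keep the old cookie, so they may not receive the domain-wide one until the old cookie is cleared; that is worth confirming. `csrfVerify` starts on the last line of the hunk and continues outside it.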


@ -191,7 +191,7 @@ module.exports = {
Logger.errlog.log("YOU SHOULD CHANGE THE VALUE OF cookie-secret IN config.yaml"); Logger.errlog.log("YOU SHOULD CHANGE THE VALUE OF cookie-secret IN config.yaml");
} }
app.use(cookieParser(Config.get("http.cookie-secret"))); app.use(cookieParser(Config.get("http.cookie-secret")));
app.use(csrf.init); app.use(csrf.init(Config.get("http.root-domain-dotted")));
app.use(morgan(LOG_FORMAT, { app.use(morgan(LOG_FORMAT, {
stream: require("fs").createWriteStream(path.join(__dirname, "..", "..", stream: require("fs").createWriteStream(path.join(__dirname, "..", "..",
"http.log"), { "http.log"), {
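Review bot: The value of `Config.get("http.root-domain-dotted")` is passed straight into `csrf.init` with no check that it is set or that it matches the hosts the server is reached on. If the key is unset, the cookie presumably falls back to host-only scope, which is harmless. If clients connect through a host outside that domain (an IP address, `localhost`, an alias), browsers will discard the `Set-Cookie`, the `_csrf` secret never persists, and CSRF verification would likely fail for them on every request. A startup warning next to the existing `cookie-secret` one, or at least a comment here such as `// CSRF cookie is scoped to http.root-domain-dotted; requests on other hosts will not retain it`, would make that failure mode diagnosable. The enclosing `module.exports` block starts and ends outside the hunk.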