CSRF middleware refactoring

Sahat Yalkabov
2014-06-06 15:57:04 -04:00
parent 2cbf836041
commit 1b3a6716e6

7
app.js

@ -12,6 +12,7 @@ var errorHandler = require('errorhandler');
var csrf = require('lusca').csrf(); var csrf = require('lusca').csrf();
var methodOverride = require('method-override'); var methodOverride = require('method-override');
var _ = require('lodash');
var MongoStore = require('connect-mongo')({ session: session }); var MongoStore = require('connect-mongo')({ session: session });
var flash = require('express-flash'); var flash = require('express-flash');
var path = require('path'); var path = require('path');
@ -59,7 +60,7 @@ var week = day * 7;
* CSRF whitelist. * CSRF whitelist.
*/ */
var whitelist = ['/url1', '/url2']; var csrfExclude = ['/url1', '/url2'];
/** /**
* Express configuration. * Express configuration.
@ -91,8 +92,8 @@ app.use(passport.session());
app.use(flash()); app.use(flash());
app.use(function(req, res, next) { app.use(function(req, res, next) {
// CSRF protection. // CSRF protection.
if (whitelist.indexOf(req.path) !== -1) next(); if (_.contains(csrfExclude, req.path)) return next();
else csrf(req, res, next); csrf(req, res, next);
}); });
app.use(function(req, res, next) { app.use(function(req, res, next) {
// Make user object available in templates. // Make user object available in templates.
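Review bot: The exclusion list in the second hunk still ships with the placeholder entries `/url1` and `/url2`, so any route later mounted at either path is served without CSRF validation for every HTTP method. Default it to an empty list, `var csrfExclude = [];`, and replace the stale "CSRF whitelist." comment with something like `* Paths exempt from CSRF validation; each must authenticate its requests another way (e.g. a signed webhook).` The exact-string test on `req.path` in the third hunk appears to fail closed under Express's default routing, since a trailing-slash or differently-cased variant of an excluded path does not match and is still CSRF-checked. That is worth stating in the `// CSRF protection.` comment so the check is not later loosened to a prefix or regex match.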