CSRF refactoring

This commit is contained in:
Sahat Yalkabov
2014-05-06 00:44:30 -04:00
parent d7df8bf555
commit 9e90ccb3e6

21
app.js

@ -52,17 +52,19 @@ mongoose.connection.on('error', function() {
console.error('✗ MongoDB Connection Error. Please make sure MongoDB is running.'); console.error('✗ MongoDB Connection Error. Please make sure MongoDB is running.');
}); });
/**
* Express configuration.
*/
var hour = 3600000; var hour = 3600000;
var day = hour * 24; var day = hour * 24;
var week = day * 7; var week = day * 7;
var csrfWhitelist = [ /**
'/this-url-will-bypass-csrf' * CSRF Whitelist
]; */
var whitelist = ['/url1', '/url2'];
/**
* Express configuration.
*/
app.set('port', process.env.PORT || 3000); app.set('port', process.env.PORT || 3000);
app.set('views', path.join(__dirname, 'views')); app.set('views', path.join(__dirname, 'views'));
@ -88,9 +90,8 @@ app.use(session({
app.use(passport.initialize()); app.use(passport.initialize());
app.use(passport.session()); app.use(passport.session());
app.use(function(req, res, next) { app.use(function(req, res, next) {
// Conditional CSRF. if (whitelist.indexOf(req.path) !== -1) next();
if (_.contains(csrfWhitelist, req.path)) return next(); else csrf(req, res, next);
csrf(req, res, next);
}); });
app.use(function(req, res, next) { app.use(function(req, res, next) {
res.locals.user = req.user; res.locals.user = req.user;
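Review bot: The new `whitelist` in the first hunk ships with the placeholder entries `'/url1'` and `'/url2'`, and the second hunk serves any request whose `req.path` equals one of them without running `csrf` — so if either placeholder ever coincides with a real route it silently loses CSRF protection, whereas the old `'/this-url-will-bypass-csrf'` at least named its effect. I would default the list to empty and have the comment state the consequence, e.g. `/** Paths listed here are served WITHOUT CSRF validation; keep empty unless a route must accept cross-site form posts. */` and `var csrfWhitelist = [];`, keeping the more specific name since the file's other config is not namespaced. The comparison is exact string equality on `req.path`, so variants such as a trailing slash still get CSRF-checked (fails closed), which is worth a one-line comment beside the `indexOf` so a later maintainer does not "fix" it into a prefix match. Both hunks sit in app-level middleware registration whose surrounding statements lie outside the hunks.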