CSRF refactoring
21
app.js
21
app.js
@ -52,17 +52,19 @@ mongoose.connection.on('error', function() {
|
||||
console.error('✗ MongoDB Connection Error. Please make sure MongoDB is running.');
|
||||
});
|
||||
|
||||
/**
|
||||
* Express configuration.
|
||||
*/
|
||||
|
||||
var hour = 3600000;
|
||||
var day = hour * 24;
|
||||
var week = day * 7;
|
||||
|
||||
var csrfWhitelist = [
|
||||
'/this-url-will-bypass-csrf'
|
||||
];
|
||||
/**
|
||||
* CSRF Whitelist
|
||||
*/
|
||||
|
||||
var whitelist = ['/url1', '/url2'];
|
||||
|
||||
/**
|
||||
* Express configuration.
|
||||
*/
|
||||
|
||||
app.set('port', process.env.PORT || 3000);
|
||||
app.set('views', path.join(__dirname, 'views'));
|
||||
@ -88,9 +90,8 @@ app.use(session({
|
||||
app.use(passport.initialize());
|
||||
app.use(passport.session());
|
||||
app.use(function(req, res, next) {
|
||||
// Conditional CSRF.
|
||||
if (_.contains(csrfWhitelist, req.path)) return next();
|
||||
csrf(req, res, next);
|
||||
if (whitelist.indexOf(req.path) !== -1) next();
|
||||
else csrf(req, res, next);
|
||||
});
|
||||
app.use(function(req, res, next) {
|
||||
res.locals.user = req.user;
|
||||
|
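Review bot: The whitelist bypass in the new middleware at the end of the second hunk (`if (whitelist.indexOf(req.path) !== -1) next();`) exempts every HTTP method on a listed path, and the old `// Conditional CSRF.` comment went out with the removed lines, so nothing now tells a maintainer what adding a path to this list means. The comparison is an exact string match on `req.path`, whereas Express routing is by default case-insensitive and trailing-slash tolerant, so `/url1/` or `/URL1` would still reach a handler registered for `/url1` but with the CSRF check enforced — fail-closed, which is fine, but worth stating so nobody "fixes" it by normalising the path before the lookup. I would put a comment above the check, e.g. `// Whitelisted paths skip the CSRF token check for every method: list only endpoints meant for cross-site callers (webhooks, token-authenticated APIs) that never act on the session cookie.`, and extend the `CSRF Whitelist` header in the first hunk to say that `/url1` and `/url2` are placeholders to be replaced, not real routes. `csrf` is defined outside both hunks, so I am assuming it is the existing token-validating middleware instance; if it is not, the else branch needs a second look.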