Adds csrf protection to some routes.
@@ -1,11 +1,9 @@
|
||||
const express = require('express');
|
||||
const router = express.Router();
|
||||
const csrf = require('csurf');
|
||||
//const bodyParser = require('body-parser');
|
||||
|
||||
// setup route middlewares for CSRF protection
|
||||
const csrfProtection = csrf({cookie: true});
|
||||
//const parseForm = bodyParser.urlencoded({ extended: false });
|
||||
|
||||
// Get /password-reset expects a signed token (JWT) in the hash.
|
||||
// Links to this endpoint are generated by /views/password-reset-email.ejs.
|
||||
|
||||
+8
-4
@@ -1,21 +1,25 @@
|
||||
const express = require('express');
|
||||
const router = express.Router();
|
||||
const csrf = require('csurf');
|
||||
const csrfProtection = csrf({cookie: true});
|
||||
|
||||
router.use('/api/v1', require('./api'));
|
||||
router.use('/admin', require('./admin'));
|
||||
router.use('/embed', require('./embed'));
|
||||
|
||||
router.get('/', (req, res) => {
|
||||
router.get('/', csrfProtection, (req, res) => {
|
||||
return res.render('article', {
|
||||
title: 'Coral Talk',
|
||||
basePath: '/client/embed/stream'
|
||||
basePath: '/client/embed/stream',
|
||||
csrfToken: req.csrfToken()
|
||||
});
|
||||
});
|
||||
|
||||
router.get('/assets/:asset_title', (req, res) => {
|
||||
router.get('/assets/:asset_title', csrfProtection, (req, res) => {
|
||||
return res.render('article', {
|
||||
title: req.params.asset_title.split('-').join(' '),
|
||||
basePath: '/client/embed/stream'
|
||||
basePath: '/client/embed/stream',
|
||||
csrfToken: req.csrfToken()
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
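Review bot: `csrfProtection` is attached only to the two GET handlers (`/` and `/assets/:asset_title`), and csurf skips validation for GET, HEAD and OPTIONS by default, so in this file the middleware issues a token but never checks one. State-changing requests would presumably go to the routers mounted with `router.use('/api/v1', ...)` and `router.use('/admin', ...)`, which are outside this section; confirm that their POST/PUT/DELETE handlers apply the same middleware, otherwise the `csrfToken` handed to the `article` view is never verified. Separately, `csrf({cookie: true})` takes csurf's cookie defaults, which leave `httpOnly`, `secure` and `sameSite` unset; consider `csrf({cookie: {httpOnly: true, sameSite: 'strict', secure: true}})` for HTTPS deployments, and check that cookie-parser is registered before this router, as csurf's cookie mode requires. A one-line comment above `csrfProtection`, such as `// issues the token on GET; validation happens on the mutating routes`, would make that split clear.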