Adds csrf protection to some routes.

This commit is contained in:
gaba
2016-12-15 13:12:03 -08:00
parent fc042779c2
commit 369ed3fc29
2 changed files with 8 additions and 6 deletions
-2
@@ -1,11 +1,9 @@
const express = require('express');
const router = express.Router();
const csrf = require('csurf');
//const bodyParser = require('body-parser');
// setup route middlewares for CSRF protection
const csrfProtection = csrf({cookie: true});
//const parseForm = bodyParser.urlencoded({ extended: false });
// Get /password-reset expects a signed token (JWT) in the hash.
// Links to this endpoint are generated by /views/password-reset-email.ejs.
+8 -4
@@ -1,21 +1,25 @@
const express = require('express');
const router = express.Router();
const csrf = require('csurf');
const csrfProtection = csrf({cookie: true});
router.use('/api/v1', require('./api'));
router.use('/admin', require('./admin'));
router.use('/embed', require('./embed'));
router.get('/', (req, res) => {
router.get('/', csrfProtection, (req, res) => {
return res.render('article', {
title: 'Coral Talk',
basePath: '/client/embed/stream'
basePath: '/client/embed/stream',
csrfToken: req.csrfToken()
});
});
router.get('/assets/:asset_title', (req, res) => {
router.get('/assets/:asset_title', csrfProtection, (req, res) => {
return res.render('article', {
title: req.params.asset_title.split('-').join(' '),
basePath: '/client/embed/stream'
basePath: '/client/embed/stream',
csrfToken: req.csrfToken()
});
});
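Review bot: The `csrf({cookie: true})` on the new line 4 stores the CSRF secret in a `_csrf` cookie with csurf's default attributes, so the cookie is neither `httpOnly` nor `secure` nor `sameSite`-restricted; for a talk widget that is embedded cross-site this matters, and it should be `const csrfProtection = csrf({ cookie: { httpOnly: true, sameSite: 'strict', secure: process.env.NODE_ENV === 'production' } });` (check that the installed csurf/cookie versions pass `sameSite` through before relying on it). Cookie-backed csurf also requires `cookie-parser` to run before it on every request that reaches `csrfProtection`; nothing in this hunk mounts it, so confirm it is registered in the app setup or these two routes will fail with csurf's misconfiguration error. Note that `csrfProtection` is only attached to the two GET handlers that render the token, while the routers mounted on `/api/v1`, `/admin` and `/embed` are not wrapped here, so the token is issued but nothing visible in this file validates it on state-changing requests — if those routers do not apply it themselves, the protection is not yet enforced.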