All files / middlewares csrfVerify.js

23.08% Statements 3/13
0% Branches 0/10
50% Functions 1/2
23.08% Lines 3/13

Press n or j to go to the next uncovered block, b, p or k for the previous block.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 2215x   15x 15x                                    
const debug = require('debug')('crowi:middlewares:csrfVerify')
 
module.exports = (crowi, app) => {
  return (req, res, next) => {
    var token = req.body._csrf || req.query._csrf || null
    var csrfKey = (req.session && req.session.id) || 'anon'
 
    debug('req.skipCsrfVerify', req.skipCsrfVerify)
    if (req.skipCsrfVerify) {
      debug('csrf verify skipped')
      return next()
    }
 
    if (crowi.getTokens().verify(csrfKey, token)) {
      return next()
    }
 
    debug('csrf verification failed. return 403', csrfKey, token)
    return res.sendStatus(403)
  }
}