All files / lib/middlewares csrfVerify.ts

import Crowi from 'server/crowi'
import Debug from 'debug'
 
// Namespaced logger from the `debug` package; messages are emitted only when
// this namespace is enabled (e.g. through the DEBUG environment variable).
// Whatever is passed to it may end up in process logs, so keep credentials
// and other secrets out of its arguments.
const debug = Debug('crowi:middlewares:csrfVerify')
 
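/**
 * Builds the Express-style middleware that enforces CSRF token verification.
 *
 * The token is read from `req.body._csrf` or, failing that, `req.query._csrf`,
 * and checked with `crowi.getTokens().verify()` against a key derived from the
 * session id. Requests flagged with `req.skipCsrfVerify` bypass the check;
 * any other request without a valid token is answered with HTTP 403.
 *
 * @param crowi Application instance; only `getTokens()` is used here.
 * @returns A `(req, res, next)` middleware function.
 */
export default (crowi: Crowi) => {
  return (req, res, next) => {
    // NOTE(review): `skipCsrfVerify` is set outside this file. Whatever sets it
    // decides which requests are exempt from CSRF protection, so it must be
    // derived from server-side decisions only, never copied from request
    // input. Confirm at the places that assign it.
    debug('req.skipCsrfVerify', req.skipCsrfVerify)
    if (req.skipCsrfVerify) {
      debug('csrf verify skipped')
      return next()
    }

    // `req.body` / `req.query` can be undefined when no parser ran for this
    // request; guard the lookups so that case ends in a 403 instead of a
    // TypeError (and a 500) before verification is even attempted.
    // NOTE(review): a token accepted from the query string travels in the URL
    // and can surface in access logs, browser history and Referer headers.
    // Kept for compatibility with existing callers; prefer the body for
    // state-changing requests.
    const rawToken = (req.body && req.body._csrf) || (req.query && req.query._csrf) || null

    // Parsers may turn repeated or bracketed parameters into arrays/objects.
    // Only a plain string is treated as a token; anything else is handled
    // like a missing token.
    const token = typeof rawToken === 'string' ? rawToken : null

    // NOTE(review): every request without a session id shares the key 'anon',
    // so a token valid for that key is not bound to one client. Confirm that
    // sessionless, state-changing routes do not rely on this check alone.
    const hasSession = Boolean(req.session && req.session.id)
    const csrfKey = hasSession ? req.session.id : 'anon'

    if (crowi.getTokens().verify(csrfKey, token)) {
      return next()
    }

    // The session id is a bearer credential and the token is a secret; log
    // only whether each was present, not their values.
    debug('csrf verification failed. return 403', { hasSession, hasToken: token !== null })
    return res.sendStatus(403)
  }
}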