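import Crowi from 'server/crowi'
import Debug from 'debug'

const debug = Debug('crowi:middlewares:csrfVerify')

/**
 * Builds the Express-style middleware that enforces CSRF token verification.
 *
 * The token is read from `req.body._csrf`, falling back to `req.query._csrf`.
 * It is checked with `crowi.getTokens().verify()` against a key derived from
 * the session id. Requests that fail verification get a bare 403 response.
 *
 * Review notes for maintainers:
 * - `req.skipCsrfVerify` bypasses the check entirely. It is read from the
 *   request object, not from request input, so it must only ever be set by
 *   trusted server-side code (the code that sets it is not visible here).
 * - Requests without a session id all share the fixed key 'anon', so a token
 *   issued for one session-less client presumably verifies for any other.
 *   Confirm that no state-changing route is reachable without a session.
 * - Accepting the token from the query string is kept for backward
 *   compatibility, but query strings tend to end up in access logs, browser
 *   history and Referer headers. Prefer the request body.
 *
 * @param crowi application instance providing `getTokens()`
 * @returns middleware `(req, res, next)` that calls `next()` on success or
 *          when verification is skipped, and sends 403 otherwise
 */
export default (crowi: Crowi) => {
  return (req, res, next) => {
    debug('req.skipCsrfVerify', req.skipCsrfVerify)

    // Decide on the bypass before touching body/query, so a skipped request
    // never depends on a body parser having run.
    if (req.skipCsrfVerify) {
      debug('csrf verify skipped')
      return next()
    }

    // `req.body` / `req.query` can be undefined when no parser populated them.
    // Guard the lookups so a missing body yields a 403 instead of a TypeError.
    const token = (req.body && req.body._csrf) || (req.query && req.query._csrf) || null
    const csrfKey = (req.session && req.session.id) || 'anon'

    // Parsers can turn `_csrf[]=...` or JSON input into arrays or objects.
    // Only a string is ever handed to the verifier; anything else fails closed.
    if (typeof token === 'string' && crowi.getTokens().verify(csrfKey, token)) {
      return next()
    }

    // Do not write the session id or the submitted token to the debug log:
    // both are credentials-grade values. Presence flags are enough to diagnose.
    debug('csrf verification failed. return 403', {
      hasSession: Boolean(req.session && req.session.id),
      hasToken: token !== null,
    })
    return res.sendStatus(403)
  }
}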