forked from senchalabs/connect
csrf.js
/**
* Module dependencies.
*/
var connect = require('../')
, http = require('http');
// HTML template for the demo login form. The "{token}" and "{user}"
// placeholders are substituted per request. Both land inside double-quoted
// attribute values, so whatever is substituted must be HTML-escaped first.
var form = [
  '',
  '<form action="/" method="post">',
  '<input type="hidden" name="_csrf" value="{token}" />',
  '<input type="text" name="user[name]" value="{user}" placeholder="Username" />',
  '<input type="submit" value="Login" />',
  '</form>',
  ''
].join('\n');
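/**
 * Escape a value for inclusion in HTML text or a quoted attribute value.
 *
 * @param {*} value - Any value; it is coerced to a string first.
 * @returns {string} The value with &, <, >, " and ' replaced by entities.
 */
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Middleware order matters: csrf() is mounted after cookieParser(), session()
// and bodyParser() because the token lives in the session and the submitted
// "_csrf" field is read from the parsed body.
var app = connect()
  .use(connect.cookieParser())
  // NOTE(review): 'keyboard cat' is a publicly known demo secret. Anyone who
  // knows it can forge signed session cookies; load a random secret from
  // configuration in any real deployment.
  .use(connect.session({ secret: 'keyboard cat' }))
  .use(connect.bodyParser())
  .use(connect.csrf())
  .use(function(req, res, next){
    if ('POST' != req.method) return next();
    // Demo "login": the submitted value is stored without any authentication
    // or type check, so it stays untrusted and must be escaped on output.
    req.session.user = req.body.user;
    next();
  })
  .use(function(req, res){
    res.setHeader('Content-Type', 'text/html');
    var user = req.session.user;
    var name = user && user.name || '';
    // Function replacers are used so that "$&", "$'" and similar patterns in
    // the substituted text are not expanded by String.prototype.replace.
    var body = form
      .replace('{token}', function(){ return escapeHtml(req.csrfToken()); })
      // The user name is request-controlled and is written into an attribute
      // value; without escaping, a '"' in it would break out of the attribute.
      .replace('{user}', function(){ return escapeHtml(name); });
    res.end(body);
  });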
// Serve the demo app over plain HTTP on port 3000. With no host argument,
// listen() accepts connections on all interfaces, not only loopback.
var server = http.createServer(app);
server.listen(3000);
console.log('Server listening on port 3000');