UNPKG

mw/src/csrf.coffee

Version:

486 Btext/coffeescriptView Raw

1hat = require 'hat'
2defaultError = (req, res) ->
3    console.error 'csrf error'
4    res.end 'an error occurred...'
5
6module.exports = (onFail = defaultError) -> (req, res, next) ->
7    throw new Error 'missing session' unless req.session?
8    req.session.csrfToken ?= hat 64*4
9    return next() if req.method.toUpperCase() in ['GET', 'HEAD']
10    return next() if req?.body?.csrf_token is req.session.csrfToken
11    # we have a problem
12    delete req.session.csrfToken
13    onFail req, res

1	`hat = require 'hat'`
2	`defaultError = (req, res) ->`
3	`console.error 'csrf error'`
4	`res.end 'an error occurred...'`
5
6	`module.exports = (onFail = defaultError) -> (req, res, next) ->`
7	`throw new Error 'missing session' unless req.session?`
8	`req.session.csrfToken ?= hat 64*4`
9	`return next() if req.method.toUpperCase() in ['GET', 'HEAD']`
10	`return next() if req?.body?.csrf_token is req.session.csrfToken`
11	`# we have a problem`
12	`delete req.session.csrfToken`
13	`onFail req, res`