crypto = require 'crypto'
hat = require 'hat'
|
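# Default failure handler used when the caller does not supply `onFail`.
# Logs the rejection and answers with HTTP 403: the original replied with the
# default 200 status, so a rejected request looked like success to clients,
# caches and monitoring.
#
# req - the incoming request (unused here, kept for handler signature parity)
# res - the response to terminate
defaultError = (req, res) ->
  console.error 'csrf error'
  res.statusCode = 403
  res.end 'an error occurred...'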
|
5 |
|
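# Constant-time comparison of the submitted token against the session token.
# Both must be strings of equal byte length; anything else is a mismatch.
# Comparing with `is` short-circuits on the first differing byte, which lets
# an attacker with a timing oracle learn the token one byte at a time.
tokensMatch = (supplied, expected) ->
  return false unless typeof supplied is 'string' and typeof expected is 'string'
  a = Buffer.from supplied
  b = Buffer.from expected
  # Length is public (always 64 hex chars), so an early exit here leaks nothing.
  return false unless a.length is b.length
  crypto.timingSafeEqual a, b

# Build CSRF middleware.
#
# onFail - (req, res) handler invoked when a state-changing request carries a
#          missing or wrong token; defaults to `defaultError`.
#
# Behaviour of the returned (req, res, next) middleware:
#   * throws if no session middleware ran before it (req.session missing);
#   * lazily stores a 256-bit random hex token in req.session.csrfToken;
#   * lets GET and HEAD through unconditionally (they must be side-effect free);
#   * for every other method requires req.body.csrf_token to equal the
#     session token, otherwise drops the session token (forcing a fresh one on
#     the next GET) and hands off to onFail.
module.exports = (onFail = defaultError) -> (req, res, next) ->
  throw new Error 'missing session' unless req.session?
  # Node's CSPRNG rather than `hat`: the token must be unpredictable, and the
  # randomness source behind `hat` is not guaranteed here. 32 bytes -> 64 hex
  # characters, the same shape `hat 64*4` produced.
  req.session.csrfToken ?= crypto.randomBytes(32).toString 'hex'
  return next() if req.method.toUpperCase() in ['GET', 'HEAD']
  return next() if tokensMatch req.body?.csrf_token, req.session.csrfToken
  # Mismatch: rotate the token so a partially-guessed value is useless.
  delete req.session.csrfToken
  onFail req, res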
|