Added CSRF tokens to non-partial templates.
This commit is contained in:
parent
2ea3c72a61
commit
83f76af6e8
24 changed files with 94 additions and 22 deletions
@ -16,9 +16,12 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
|
|||
|
||||
//Config
|
||||
const config = require('../../config.json');
|
||||
|
||||
//Local Imports
|
||||
const {userModel} = require('../schemas/user/userSchema');
|
||||
const permissionModel = require('../schemas/permissionSchema');
|
||||
const channelModel = require('../schemas/channel/channelSchema');
|
||||
const csrfUtils = require('../utils/csrfUtils');
|
||||
const {exceptionHandler, errorHandler} = require("../utils/loggerUtils");
|
||||
|
||||
//register page functions
|
||||
|
|
@ -41,7 +44,8 @@ module.exports.get = async function(req, res){
|
|||
rankEnum: permissionModel.rankEnum,
|
||||
chanGuide: chanGuide,
|
||||
userList: userList,
|
||||
permList: permList
|
||||
permList: permList,
|
||||
csrfToken: csrfUtils.generateToken(req)
|
||||
});
|
||||
|
||||
}catch(err){
|
||||
|
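Review bot: The `//register page functions` header at the top of the first hunk looks copy-pasted: this file imports `userModel`, `permissionModel` and `channelModel` and renders `rankEnum`, `chanGuide`, `userList` and `permList`, which reads like an admin/permissions page rather than the register page, so the comment misdirects the next reader. Replace it with a header naming what the controller actually serves, for example `//admin page functions — renders channel guide, user list and permission table with a per-request CSRF token` (adjust to the real route, which is not visible here). The added `csrfToken: csrfUtils.generateToken(req)` line itself is fine; note that the `get` handler's body continues past the second hunk, which ends at `}catch(err){`.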
@ -17,7 +17,10 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
|
|||
//Config
|
||||
const config = require('../../config.json');
|
||||
|
||||
//Local Imports
|
||||
const csrfUtils = require('../utils/csrfUtils');
|
||||
|
||||
//channel functions
|
||||
module.exports.get = function(req, res){
|
||||
res.render('channel', {instance: config.instanceName, user: req.session.user});
|
||||
res.render('channel', {instance: config.instanceName, user: req.session.user, csrfToken: csrfUtils.generateToken(req)});
|
||||
}
|
||||
|
|
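Review bot: The new `csrfToken: csrfUtils.generateToken(req)` on the render line is the same expression this commit hand-adds to every controller, and any template added later or render call that is missed simply ships without a token — the failure mode is silent. Consider generating it once in an app-level middleware, `app.use((req, res, next) => { res.locals.csrfToken = csrfUtils.generateToken(req); next(); });`, so every `res.render` sees it without per-controller edits (the app setup file is outside this diff, so I cannot tell whether such a middleware already exists). For consistency with the other controllers in this commit, `return res.render(...)` would also be preferable here, though the handler is synchronous so nothing runs after it.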
@ -18,9 +18,10 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
|
|||
const config = require('../../config.json');
|
||||
|
||||
//local imports
|
||||
const {exceptionHandler, errorHandler} = require('../utils/loggerUtils');
|
||||
const channelModel = require('../schemas/channel/channelSchema');
|
||||
const permissionModel = require('../schemas/permissionSchema');
|
||||
const csrfUtils = require('../utils/csrfUtils');
|
||||
const {exceptionHandler, errorHandler} = require('../utils/loggerUtils');
|
||||
|
||||
//root index functions
|
||||
module.exports.get = async function(req, res){
|
||||
|
|
@ -38,7 +39,7 @@ module.exports.get = async function(req, res){
|
|||
throw new Error("Channel not found.");
|
||||
}
|
||||
|
||||
return res.render('channelSettings', {instance: config.instanceName, user: req.session.user, channel: chanDB, reqRank, rankEnum: permissionModel.rankEnum});
|
||||
return res.render('channelSettings', {instance: config.instanceName, user: req.session.user, channel: chanDB, reqRank, rankEnum: permissionModel.rankEnum, csrfToken: csrfUtils.generateToken(req)});
|
||||
}catch(err){
|
||||
return exceptionHandler(res, err);
|
||||
}
|
||||
|
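Review bot: The updated `return res.render('channelSettings', {...})` is now a single roughly 180-character line carrying seven template locals, which makes the added `csrfToken` easy to miss in review and hard to diff next time; the profile controller in this same commit lays the same kind of object out one property per line, and this file should do the same. The file's section header `//root index functions` also does not describe this controller, which loads a channel (`throw new Error("Channel not found.")` when missing) and renders `channelSettings`; `//channel settings page functions` would be accurate. The `get` handler begins before the second hunk, so whatever computes `reqRank` is not visible here.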
@ -18,14 +18,15 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
|
|||
const config = require('../../config.json');
|
||||
|
||||
//local imports
|
||||
const {exceptionHandler, errorHandler} = require('../utils/loggerUtils');
|
||||
const channelModel = require('../schemas/channel/channelSchema');
|
||||
const csrfUtils = require('../utils/csrfUtils');
|
||||
const {exceptionHandler, errorHandler} = require('../utils/loggerUtils');
|
||||
|
||||
//root index functions
|
||||
module.exports.get = async function(req, res){
|
||||
try{
|
||||
const chanGuide = await channelModel.getChannelList();
|
||||
return res.render('index', {instance: config.instanceName, user: req.session.user, chanGuide: chanGuide});
|
||||
return res.render('index', {instance: config.instanceName, user: req.session.user, chanGuide: chanGuide, csrfToken: csrfUtils.generateToken(req)});
|
||||
}catch(err){
|
||||
return exceptionHandler(res, err);
|
||||
}
|
||||
|
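Review bot: The index page is rendered for anonymous visitors too (`user: req.session.user` may be undefined), and the added `csrfUtils.generateToken(req)` now runs on every one of those requests. If `generateToken` stores the token in `req.session` — csrfUtils is not in this diff, so I cannot tell — then each anonymous GET of the index will create and persist a session, which defeats any `saveUninitialized: false` setting and grows the session store by one entry per crawler hit. Either confirm the token is derived statelessly (for example a signed double-submit cookie) or only mint it when the index template actually exposes a state-changing form for that visitor, and record the decision above the render with a comment such as `// CSRF token is minted for anonymous visitors too; csrfUtils must not force a session here`.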
@ -23,6 +23,7 @@ const {validationResult, matchedData} = require('express-validator');
|
|||
//Local Imports
|
||||
const sessionUtils = require('../utils/sessionUtils');
|
||||
const altchaUtils = require('../utils/altchaUtils');
|
||||
const csrfUtils = require('../utils/csrfUtils');
|
||||
|
||||
//register page functions
|
||||
module.exports.get = async function(req, res){
|
||||
|
|
@ -44,7 +45,7 @@ module.exports.get = async function(req, res){
|
|||
//if we have previous attempts for this user
|
||||
if(attempts != null){
|
||||
if(attempts.count > sessionUtils.maxAttempts){
|
||||
return res.render('lockedAccount', {instance: config.instanceName, user: req.session.user});
|
||||
return res.render('lockedAccount', {instance: config.instanceName, user: req.session.user, csrfToken: csrfUtils.generateToken(req)});
|
||||
}
|
||||
|
||||
//If the users login's are being throttled
|
||||
|
|
@ -55,16 +56,16 @@ module.exports.get = async function(req, res){
|
|||
const challenge = await altchaUtils.genCaptcha(difficulty, user);
|
||||
|
||||
//Render page
|
||||
return res.render('login', {instance: config.instanceName, user: req.session.user, challenge});
|
||||
return res.render('login', {instance: config.instanceName, user: req.session.user, challenge, csrfToken: csrfUtils.generateToken(req)});
|
||||
}
|
||||
//otherwise
|
||||
}else{
|
||||
//Render generic page
|
||||
return res.render('login', {instance: config.instanceName, user: req.session.user, challenge: null});
|
||||
return res.render('login', {instance: config.instanceName, user: req.session.user, challenge: null, csrfToken: csrfUtils.generateToken(req)});
|
||||
}
|
||||
//if we received invalid input
|
||||
}else{
|
||||
//Render pretend nothing happened, send out a generic page
|
||||
return res.render('login', {instance: config.instanceName, user: req.session.user, challenge: null});
|
||||
return res.render('login', {instance: config.instanceName, user: req.session.user, challenge: null, csrfToken: csrfUtils.generateToken(req)});
|
||||
}
|
||||
}
|
||||
|
|
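Review bot: `csrfUtils.generateToken(req)` is now called in four separate render branches of the login `get` handler (the `lockedAccount` render and the three `login` renders), which is the kind of repetition that lets one branch drift the next time the call changes. Hoist it once after the `attempts` lookup, `const csrfToken = csrfUtils.generateToken(req);`, and pass `csrfToken` in shorthand in each render object; only one branch executes per request, so behaviour is unchanged. The handler's opening lines and the `attempts` lookup sit before the first hunk, so I cannot confirm from here that `req.session` is guaranteed to exist at that point.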
@ -16,6 +16,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
|
|||
|
||||
//Local Imports
|
||||
const altchaUtils = require('../utils/altchaUtils');
|
||||
const csrfUtils = require('../utils/csrfUtils');
|
||||
|
||||
//Config
|
||||
const config = require('../../config.json');
|
||||
|
|
@ -26,5 +27,5 @@ module.exports.get = async function(req, res){
|
|||
const challenge = await altchaUtils.genCaptcha();
|
||||
|
||||
//render the page
|
||||
return res.render('newChannel', {instance: config.instanceName, user: req.session.user, challenge});
|
||||
return res.render('newChannel', {instance: config.instanceName, user: req.session.user, challenge, csrfToken: csrfUtils.generateToken(req)});
|
||||
}
|
||||
|
|
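Review bot: `const challenge = await altchaUtils.genCaptcha();` on the first line of the second hunk is awaited outside any `try`, and the hunk ends at the function's closing brace, so a rejected captcha generation becomes an unhandled promise rejection rather than a rendered error page; under Express 4 that leaves the request hanging until the client times out (Express 5 would forward it to the error handler, but the version is not visible here). The other controllers touched by this commit — index, channelSettings, profile — wrap their awaits in `try{ ... }catch(err){ return exceptionHandler(res, err); }`, and this handler should follow the same pattern, which needs the `loggerUtils` import this file currently lacks. The handler signature sits between the two hunks.
```javascript
const {exceptionHandler} = require('../utils/loggerUtils');
// … unchanged: config import …

module.exports.get = async function(req, res){
    try{
        const challenge = await altchaUtils.genCaptcha();
        // … unchanged: render newChannel with challenge and csrfToken …
    }catch(err){
        return exceptionHandler(res, err);
    }
}
```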
@ -22,6 +22,7 @@ const {validationResult, matchedData} = require('express-validator');
|
|||
|
||||
//Local Imports
|
||||
const altchaUtils = require('../utils/altchaUtils');
|
||||
const csrfUtils = require('../utils/csrfUtils');
|
||||
|
||||
//register page functions
|
||||
module.exports.get = async function(req, res){
|
||||
|
|
@ -46,11 +47,11 @@ module.exports.get = async function(req, res){
|
|||
*/
|
||||
|
||||
//Render page
|
||||
return res.render('passwordReset', {instance: config.instanceName, user: req.session.user, challenge, token});
|
||||
return res.render('passwordReset', {instance: config.instanceName, user: req.session.user, challenge, token, csrfToken: csrfUtils.generateToken(req)});
|
||||
//If we didn't get a valid token
|
||||
}else{
|
||||
//otherwise render generic page
|
||||
return res.render('passwordReset', {instance: config.instanceName, user: req.session.user, challenge, token: null});
|
||||
return res.render('passwordReset', {instance: config.instanceName, user: req.session.user, challenge, token: null, csrfToken: csrfUtils.generateToken(req)});
|
||||
}
|
||||
}catch(err){
|
||||
return exceptionHandler(res, err);
|
||||
|
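Review bot: The two modified render lines now pass both `token` and `csrfToken` into the same template context, and nothing in the controller says which is which; a template author can easily wire the wrong one into the hidden form field. Hoist the anti-CSRF token once above the branch, `const csrfToken = csrfUtils.generateToken(req);`, and add a comment there such as `// token = password-reset token from the request; csrfToken = anti-CSRF token for the form`. The validation that produces `token` happens before this hunk (the hunk opens on the `*/` of a comment block), and since this file uses `express-validator` the value is presumably request-derived, so also make sure the template escapes it when echoing it back.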
@ -16,6 +16,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
|
|||
|
||||
//Local Imports
|
||||
const {userModel} = require('../schemas/user/userSchema');
|
||||
const csrfUtils = require('../utils/csrfUtils');
|
||||
const {exceptionHandler, errorHandler} = require('../utils/loggerUtils');
|
||||
|
||||
//Config
|
||||
|
|
@ -27,18 +28,21 @@ module.exports.get = async function(req, res){
|
|||
try{
|
||||
var profileName = req.url.slice(1) == '' ? (req.session.user ? req.session.user.user : null) : req.url.slice(1);
|
||||
|
||||
const profile = await userModel.findProfile({user: profileName})
|
||||
const profile = await userModel.findProfile({user: profileName});
|
||||
|
||||
if(profile){
|
||||
res.render('profile', {
|
||||
instance: config.instanceName,
|
||||
user: req.session.user,
|
||||
profile
|
||||
profile,
|
||||
csrfToken: csrfUtils.generateToken(req)
|
||||
});
|
||||
}else{
|
||||
res.render('profile', {instance: config.instanceName,
|
||||
res.render('profile', {
|
||||
instance: config.instanceName,
|
||||
user: req.session.user,
|
||||
profile: null
|
||||
profile: null,
|
||||
csrfToken: csrfUtils.generateToken(req)
|
||||
});
|
||||
}
|
||||
}catch(err){
|
||||
|
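Review bot: The `if(profile)`/`else` branches in the second hunk now build two render objects that differ only in `profile` versus `profile: null`, so the added `csrfToken: csrfUtils.generateToken(req)` had to be written twice. Collapse them into one call, `res.render('profile', {instance: config.instanceName, user: req.session.user, profile: profile || null, csrfToken: csrfUtils.generateToken(req)});`, which still hands the template the `null` it expects for a missing profile. The `profileName` derivation from `req.url.slice(1)` on the context line above is untouched by this commit, but it feeds the lookup straight from the raw URL (percent-encoding and any query string included) and uses `var`; worth a follow-up. The `catch` at the end of the hunk continues outside it.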
@ -19,6 +19,7 @@ const config = require('../../config.json');
|
|||
|
||||
//Local Imports
|
||||
const altchaUtils = require('../utils/altchaUtils');
|
||||
const csrfUtils = require('../utils/csrfUtils');
|
||||
|
||||
//register page functions
|
||||
module.exports.get = async function(req, res){
|
||||
|
|
@ -26,5 +27,5 @@ module.exports.get = async function(req, res){
|
|||
const challenge = await altchaUtils.genCaptcha();
|
||||
|
||||
//Render page
|
||||
return res.render('register', {instance: config.instanceName, user: req.session.user, challenge});
|
||||
return res.render('register', {instance: config.instanceName, user: req.session.user, challenge, csrfToken: csrfUtils.generateToken(req)});
|
||||
}
|
||||
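Review bot: `await altchaUtils.genCaptcha()` at the top of the second hunk runs with no surrounding `try`, and the hunk closes the function, so a captcha-generation failure becomes an unhandled rejection instead of the error page the other controllers in this commit produce via `return exceptionHandler(res, err);` (under Express 4 the request simply hangs; the version is not visible here). Wrap the body as `try{ const challenge = await altchaUtils.genCaptcha(); ... }catch(err){ return exceptionHandler(res, err); }` and add `const {exceptionHandler} = require('../utils/loggerUtils');` to the local imports in the first hunk. The handler signature sits between the two hunks.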