Added CSRF tokens to non-partial templates.

rainbow napkin 2024-12-29 15:02:37 -05:00
parent 2ea3c72a61
commit 83f76af6e8
24 changed files with 94 additions and 22 deletions

26
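--- a/src/utils/csrfUtils.js
+++ b/src/utils/csrfUtils.js
@@ -0,0 +1,26 @@
+/*Canopy - The next generation of stoner streaming software
+Copyright (C) 2024 Rainbownapkin and the TTN Community
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <https://www.gnu.org/licenses/>.*/
+//NPM Imports
+const { csrfSync } = require('csrf-sync');
+//Pull needed methods from csrfSync
+const {generateToken, revokeToken, csrfSynchronisedProtection,} = csrfSync();
+//Export them per csrfSync documentation
+module.exports.generateToken = generateToken;
+module.exports.revokeToken = revokeToken;
+module.exports.csrfSynchronisedProtection = csrfSynchronisedProtection;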
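Review bot: `csrfSync()` is called with no options, so this module depends on the library defaults, under which the submitted token is read only from the `x-csrf-token` request header and compared with the value kept in `req.session.csrfToken`. The commit title says the tokens are placed in templates; if any of those templates submits a plain HTML form instead of a request that sets the header, `csrfSynchronisedProtection` will reject it, and the tempting workaround is to leave that route outside the middleware. Passing the lookup explicitly, e.g. `csrfSync({ getTokenFromRequest: (req) => req.body?.csrfToken ?? req.headers['x-csrf-token'] })` (the body field name is a placeholder), makes the contract visible in one place. A comment above the exports should also state that the middleware has to be mounted after the session middleware and that `revokeToken` is meant to be called when a session is authenticated or destroyed; neither is visible in this file.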


@ -14,7 +14,7 @@ GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//local imports
//Local Imports
const {userModel} = require('../schemas/user/userSchema');
const userBanModel = require('../schemas/user/userBanSchema')
const altchaUtils = require('../utils/altchaUtils');
@ -71,7 +71,6 @@ module.exports.authenticateSession = async function(user, pass, req){
//Not sure if this is just how connect-mongo is implemented or if it's an express issue, but connect-mongodb-session seems to not implement the all() function what so ever...
req.session.seshid = req.session.id;
req.session.authdate = new Date();
req.session.authip = req.ip;
req.session.user = {
user: userDB.user,
id: userDB.id,