proto.signatureUrl = function signatureUrl(name, options) { options = options || {}; name = this._objectName(name); options.method = options.method || 'GET'; const expires = utility.timestamp() + (options.expires || 1800); const params = { bucket: this.options.bucket, object: name }; const resource = this._getResource(params); if (this.options.stsToken) { options['security-token'] = this.options.stsToken; } const signRes = signHelper._signatureForURL(this.options.accessKeySecret, options, resource, expires); const url = urlutil.parse(this._getReqUrl(params)); url.query = { OSSAccessKeyId: this.options.accessKeyId, Expires: expires, Signature: signRes.Signature }; copy(signRes.subResource).to(url.query); return url.format(); };
router.post("/", function(req, res){ console.log(req.body); let { username, password, _csrf:csrf } = req.body; let sessionCsrf = req.session._csrf; console.log("session.csrf ", sessionCsrf); console.log(username, password, csrf); // res.sendfile("./public/form.html"); csrf = utils.timestamp(); req.session._csrf = csrf; res.send(` <html> <head> <meta charset="UTF-8"> <title>Document</title> </head> <body> <form action="/form" method="post"> <input type="hidden" name="_csrf", value="${csrf}"> <input type="text" name="username"> <input type="text" name="password"> <input type="submit", name="submit"> </form> </body> </html> `) });
proto.signatureUrl = function (name, options) { name = this._objectName(name); var params = { bucket: this.options.bucket, object: name }; options = options || {}; var expires = utility.timestamp() + (options.expires || 1800); var resource = this._getResource(params); var query = {}; var signList = []; for (var k in options.response) { var key = 'response-' + k.toLowerCase(); query[key] = options.response[k]; signList.push(key + '=' + options.response[k]); } if (this.options.stsToken) { query['security-token'] = this.options.stsToken; signList.push('security-token=' + this.options.stsToken); } if (signList.length > 0) { signList.sort(); resource += '?' + signList.join('&'); } var stringToSign = [ options.method || 'GET', options['content-md5'] || '', // Content-MD5 options['content-type'] || '', // Content-Type expires, resource ].join('\n'); var signature = this.signature(stringToSign); var url = urlutil.parse(this._getReqUrl(params)); url.query = { OSSAccessKeyId: this.options.accessKeyId, Expires: expires, Signature: signature }; copy(query).to(url.query); return url.format(); };
router.get("/", function(req, res){ let csrf = utils.timestamp(); req.session._csrf = csrf; res.send(` <html> <head> <meta charset="UTF-8"> <title>Document</title> </head> <body> <form action="/form" method="post"> <input type="hidden" name="_csrf", value="${csrf}"> <input type="text" name="username"> <input type="text" name="password"> <input type="submit", name="submit"> </form> </body> </html> `) });
it('should return a upload token with a deadline', function () { var token = this.client.uploadToken({ deadline: utility.timestamp() + 10 }); should.exist(token); });