t.test("should have only one error interceptor in the middleware stack", function (t) { var agent = helper.instrumentMockedAgent() , connect = require('connect') , app = connect() ; this.tearDown(function () { helper.unloadAgent(agent); }); app.use(connect.bodyParser()); t.equal(app.stack.length, 2, "2 handlers after 1st add"); t.equal(app.stack[app.stack.length - 1].handle.name, 'sentinel', "sentinel found"); app.use(connect.cookieParser()); t.equal(app.stack.length, 3, "3 handlers after 2nd add"); t.equal(app.stack[app.stack.length - 1].handle.name, 'sentinel', "sentinel found"); app.use(connect.csrf()); t.equal(app.stack.length, 4, "4 handlers after 3rd add"); t.equal(app.stack[app.stack.length - 1].handle.name, 'sentinel', "sentinel found"); app.use(connect.logger()); t.equal(app.stack.length, 5, "5 handlers after 4th add"); t.equal(app.stack[app.stack.length - 1].handle.name, 'sentinel', "sentinel found"); t.end(); });
setUp: function(callback) { this.req = { session: {}, method: 'GET' }; this.res = { locals: {} }; this.csrf = connect.csrf(); callback(); },
sails.router.bind('/*', function(req, res, next) { var allowCrossOriginCSRF = sails.config.csrf.origin.split(',').map(trim).indexOf(req.headers.origin) > -1; var isRouteDisabled = sails.config.csrf.routesDisabled.split(',').map(trim).indexOf(req.path) > -1; // Start with a clear _csrf template token res.locals._csrf = null; // Disable CSRF protection for specified routes if (isRouteDisabled) { sails.log.silly("Disabling CSRF protection for " + req.url + " since it is explcitly set in sails.config.csrf.routesDisabled."); return next(); } // Disable CSRF protection when no session is present if (!req.session) { sails.log.silly("Disabling CSRF protection for " + req.url + " since request has no session."); return next(); } // If CSRF protection is on, run it if (sails.config.csrf.protectionEnabled) { var connect = require('connect'); try { return connect.csrf()(req, res, function() { if (util.isSameOrigin(req) || allowCrossOriginCSRF) { res.locals._csrf = req.csrfToken(); } else { res.locals._csrf = null; } next(); }); } catch(err) { // Only attempt to handle invalid csrf tokens if (err.message != 'invalid csrf token') throw err; // Return an Access-Control-Allow-Origin header in case this is a xdomain request if (req.headers.origin) { res.set('Access-Control-Allow-Origin', req.headers.origin); res.set('Access-Control-Allow-Credentials', true); } return res.forbidden("CSRF mismatch"); } } // Always ok next(); }, null, {_middlewareType: 'CSRF HOOK: CSRF'});
sails.router.bind('/*', function(req, res, next) { var allowCrossOriginCSRF = sails.config.csrf.origin.split(',').map(trim).indexOf(req.headers.origin) > -1; if (sails.config.csrf.protectionEnabled) { var connect = require('connect'); try { return connect.csrf()(req, res, function() { if (util.isSameOrigin(req) || allowCrossOriginCSRF) { res.locals._csrf = req.csrfToken(); } else { res.locals._csrf = null; } next(); }); } catch(err) { // Only attempt to handle invalid csrf tokens if (err.message != 'invalid csrf token') throw err; var isRouteDisabled = sails.config.csrf.routesDisabled.split(',').map(trim).indexOf(req.path) > -1; if (isRouteDisabled) { return next(); } else { // Return an Access-Control-Allow-Origin header in case this is a xdomain request if (req.headers.origin) { res.set('Access-Control-Allow-Origin', req.headers.origin); res.set('Access-Control-Allow-Credentials', true); } return res.forbidden("CSRF mismatch"); } } } // Always ok res.locals._csrf = null; next(); }, null, {_middlewareType: 'CSRF HOOK: CSRF'});
/** * Module dependencies. */ var connect = require('connect'); var path = require('path'); var urlrouter = require('urlrouter'); var render = require('connect-render'); var routes = require('./routes'); var app = connect( connect.bodyParser(), connect.cookieParser(), connect.session({ secret: 'todo secret', key: 'sid' }), connect.csrf() ); /** * Static files */ app.use('/public', connect.static(path.join(__dirname, 'public'))); /** * Template Engine helper */ app.use(render({ root: __dirname + '/views', layout: 'layout.html', cache: false, // must set `true` for prodution helpers: {
require('./lib/patch'); var connect = require('connect'); var render = require('connect-render'); var urlrouter = require('urlrouter'); var config = require('./conf/config'); var todo = require('./controllers/todo'); var app = connect(); app.use('/public', connect.static(__dirname + '/public', {maxAge: 3600000 * 24 * 30})); app.use(connect.cookieParser()); app.use(connect.query()); app.use(connect.bodyParser()); app.use(connect.session({secret: config.session_secret})); app.use(connect.csrf()); app.use(render({ root: __dirname + '/views', layout: 'layout.html', cache: config.debug,//debug模式不使用cache helpers: { config: config, _csrf: function (req, res) { return req.session._csrf; } } })); /** * 路由 Router */