t.test("should have only one error interceptor in the middleware stack", function (t) {
var agent = helper.instrumentMockedAgent()
, connect = require('connect')
, app = connect()
;
this.tearDown(function () {
helper.unloadAgent(agent);
});
app.use(connect.bodyParser());
t.equal(app.stack.length, 2, "2 handlers after 1st add");
t.equal(app.stack[app.stack.length - 1].handle.name, 'sentinel', "sentinel found");
app.use(connect.cookieParser());
t.equal(app.stack.length, 3, "3 handlers after 2nd add");
t.equal(app.stack[app.stack.length - 1].handle.name, 'sentinel', "sentinel found");
app.use(connect.csrf());
t.equal(app.stack.length, 4, "4 handlers after 3rd add");
t.equal(app.stack[app.stack.length - 1].handle.name, 'sentinel', "sentinel found");
app.use(connect.logger());
t.equal(app.stack.length, 5, "5 handlers after 4th add");
t.equal(app.stack[app.stack.length - 1].handle.name, 'sentinel', "sentinel found");
t.end();
});
setUp: function(callback) {
this.req = { session: {}, method: 'GET' };
this.res = { locals: {} };
this.csrf = connect.csrf();
callback();
},
sails.router.bind('/*', function(req, res, next) {
var allowCrossOriginCSRF = sails.config.csrf.origin.split(',').map(trim).indexOf(req.headers.origin) > -1;
var isRouteDisabled = sails.config.csrf.routesDisabled.split(',').map(trim).indexOf(req.path) > -1;
// Start with a clear _csrf template token
res.locals._csrf = null;
// Disable CSRF protection for specified routes
if (isRouteDisabled) {
sails.log.silly("Disabling CSRF protection for " + req.url + " since it is explcitly set in sails.config.csrf.routesDisabled.");
return next();
}
// Disable CSRF protection when no session is present
if (!req.session) {
sails.log.silly("Disabling CSRF protection for " + req.url + " since request has no session.");
return next();
}
// If CSRF protection is on, run it
if (sails.config.csrf.protectionEnabled) {
var connect = require('connect');
try {
return connect.csrf()(req, res, function() {
if (util.isSameOrigin(req) || allowCrossOriginCSRF) {
res.locals._csrf = req.csrfToken();
} else {
res.locals._csrf = null;
}
next();
});
} catch(err) {
// Only attempt to handle invalid csrf tokens
if (err.message != 'invalid csrf token') throw err;
// Return an Access-Control-Allow-Origin header in case this is a xdomain request
if (req.headers.origin) {
res.set('Access-Control-Allow-Origin', req.headers.origin);
res.set('Access-Control-Allow-Credentials', true);
}
return res.forbidden("CSRF mismatch");
}
}
// Always ok
next();
}, null, {_middlewareType: 'CSRF HOOK: CSRF'});
sails.router.bind('/*', function(req, res, next) {
var allowCrossOriginCSRF = sails.config.csrf.origin.split(',').map(trim).indexOf(req.headers.origin) > -1;
if (sails.config.csrf.protectionEnabled) {
var connect = require('connect');
try {
return connect.csrf()(req, res, function() {
if (util.isSameOrigin(req) || allowCrossOriginCSRF) {
res.locals._csrf = req.csrfToken();
} else {
res.locals._csrf = null;
}
next();
});
} catch(err) {
// Only attempt to handle invalid csrf tokens
if (err.message != 'invalid csrf token') throw err;
var isRouteDisabled = sails.config.csrf.routesDisabled.split(',').map(trim).indexOf(req.path) > -1;
if (isRouteDisabled) {
return next();
} else {
// Return an Access-Control-Allow-Origin header in case this is a xdomain request
if (req.headers.origin) {
res.set('Access-Control-Allow-Origin', req.headers.origin);
res.set('Access-Control-Allow-Credentials', true);
}
return res.forbidden("CSRF mismatch");
}
}
}
// Always ok
res.locals._csrf = null;
next();
}, null, {_middlewareType: 'CSRF HOOK: CSRF'});
/**
* Module dependencies.
*/
var connect = require('connect');
var path = require('path');
var urlrouter = require('urlrouter');
var render = require('connect-render');
var routes = require('./routes');
var app = connect(
connect.bodyParser(),
connect.cookieParser(),
connect.session({ secret: 'todo secret', key: 'sid' }),
connect.csrf()
);
/**
* Static files
*/
app.use('/public', connect.static(path.join(__dirname, 'public')));
/**
* Template Engine helper
*/
app.use(render({
root: __dirname + '/views',
layout: 'layout.html',
cache: false, // must set `true` for prodution
helpers: {
require('./lib/patch');
var connect = require('connect');
var render = require('connect-render');
var urlrouter = require('urlrouter');
var config = require('./conf/config');
var todo = require('./controllers/todo');
var app = connect();
app.use('/public', connect.static(__dirname + '/public', {maxAge: 3600000 * 24 * 30}));
app.use(connect.cookieParser());
app.use(connect.query());
app.use(connect.bodyParser());
app.use(connect.session({secret: config.session_secret}));
app.use(connect.csrf());
app.use(render({
root: __dirname + '/views',
layout: 'layout.html',
cache: config.debug,//debug模式不使用cache
helpers: {
config: config,
_csrf: function (req, res) {
return req.session._csrf;
}
}
}));
/**
* 路由 Router
*/