Dockery/Trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-10-31 18:36:30 +01:00
Code Issues Packages Projects Releases Activity

added extra logging for debugging CSRF issues

Browse Source
This commit is contained in:
zadam
2019-05-29 23:13:15 +02:00
parent 012a18be00
commit 0a0cac5f41
2 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/app.js
View File

@@ -67,6 +67,18 @@ require('./routes/routes').register(app);
require('./routes/custom').register(app);
app.use((err, req, res, next) => {
if (err.code !== 'EBADCSRFTOKEN') {
return next(err);
}
log.error(`Invalid CSRF token: ${req.headers['x-csrf-token']}, secret: ${req.cookies['_csrf']}`);
err = new Error('Invalid CSRF token');
err.status = 403;
next(err);
});
// catch 404 and forward to error handler
app.use((req, res, next) => {
const err = new Error('Router not found for request ' + req.url);

6
src/routes/index.js
View File

@@ -5,14 +5,18 @@ const sql = require('../services/sql');
const attributeService = require('../services/attributes');
const config = require('../services/config');
const optionService = require('../services/options');
const log = require('../services/log');
async function index(req, res) {
const options = await optionService.getOptionsMap();
const view = req.cookies['trilium-device'] === 'mobile' ? 'mobile' : 'desktop';
const csrfToken = req.csrfToken();
log.info(`Generated CSRF token ${csrfToken} with secret ${res.getHeader('set-cookie')}`);
res.render(view, {
csrfToken: req.csrfToken(),
csrfToken: csrfToken,
theme: options.theme,
leftPaneMinWidth: parseInt(options.leftPaneMinWidth),
leftPaneWidthPercent: parseInt(options.leftPaneWidthPercent),