feat: require csrf token if not using bearer token

Julian Lam
2020-10-13 16:58:44 -04:00
parent 30b3fedca4
commit 1e07886f30
3 changed files with 10 additions and 1 deletions


@@ -48,6 +48,7 @@ middleware.applyCSRF = function (req, res, next) {
next();
}
};
middleware.applyCSRFasync = util.promisify(middleware.applyCSRF);
middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login');
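Review bot: `util.promisify(middleware.applyCSRF)` settles only when `applyCSRF` invokes `next`, and rejects only when `next` receives an error as its first argument. The body of `applyCSRF` starts outside this hunk and only the `next();` tail of one branch is visible, so if any path ends the response itself without calling `next`, a caller awaiting `applyCSRFasync` would never resume and the request would stay open. I would document the contract above the new line, `// applyCSRF must call next(err?) exactly once; the promisified form rejects when the token check fails`, and confirm that the token-failure path reports through `next(err)`.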


@@ -34,6 +34,10 @@ module.exports = function (middleware) {
const loginAsync = util.promisify(req.login).bind(req);
if (req.loggedIn) {
if (res.locals.isAPI) {
await middleware.applyCSRFasync(req, res);
}
return true;
} else if (req.headers.hasOwnProperty('authorization')) {
const user = await passportAuthenticateAsync(req, res);
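Review bot: The CSRF check on the cookie-session branch runs only when `res.locals.isAPI` is truthy, and that flag is set outside this hunk, so a session-authenticated request that reaches this function without the flag still returns `true` unchecked. It is worth confirming that every state-changing route using this authenticator sets the flag first. A rejected `await middleware.applyCSRFasync(req, res)` also propagates out of the enclosing async function, whose start and end are outside the hunk, so the caller presumably has to map it to a 403 rather than a generic 500. A short comment above the new `if` would record the intent: `// session cookies are sent automatically by the browser, so require a CSRF token here; bearer-token requests take the branch below`.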