mirror of
https://github.com/bodyrep/DemoApp.git
synced 2026-02-04 11:31:53 +00:00
52 lines
3.8 KiB
JavaScript
52 lines
3.8 KiB
JavaScript
/* automatically generated by JSCoverage - do not edit */
|
|
if (typeof _$jscoverage === 'undefined') _$jscoverage = {};
|
|
if (! _$jscoverage['middleware/csrf.js']) {
|
|
_$jscoverage['middleware/csrf.js'] = [];
|
|
_$jscoverage['middleware/csrf.js'][11] = 0;
|
|
_$jscoverage['middleware/csrf.js'][39] = 0;
|
|
_$jscoverage['middleware/csrf.js'][40] = 0;
|
|
_$jscoverage['middleware/csrf.js'][41] = 0;
|
|
_$jscoverage['middleware/csrf.js'][43] = 0;
|
|
_$jscoverage['middleware/csrf.js'][45] = 0;
|
|
_$jscoverage['middleware/csrf.js'][48] = 0;
|
|
_$jscoverage['middleware/csrf.js'][51] = 0;
|
|
_$jscoverage['middleware/csrf.js'][54] = 0;
|
|
_$jscoverage['middleware/csrf.js'][56] = 0;
|
|
_$jscoverage['middleware/csrf.js'][69] = 0;
|
|
_$jscoverage['middleware/csrf.js'][70] = 0;
|
|
}
|
|
_$jscoverage['middleware/csrf.js'][11]++;
|
|
var utils = require("../utils");
|
|
_$jscoverage['middleware/csrf.js'][39]++;
|
|
module.exports = (function csrf(options) {
|
|
_$jscoverage['middleware/csrf.js'][40]++;
|
|
options = options || {};
|
|
_$jscoverage['middleware/csrf.js'][41]++;
|
|
var value = options.value || defaultValue;
|
|
_$jscoverage['middleware/csrf.js'][43]++;
|
|
return (function (req, res, next) {
|
|
_$jscoverage['middleware/csrf.js'][45]++;
|
|
var token = req.session._csrf || (req.session._csrf = utils.uid(24));
|
|
_$jscoverage['middleware/csrf.js'][48]++;
|
|
if ("GET" == req.method || "HEAD" == req.method || "OPTIONS" == req.method) {
|
|
_$jscoverage['middleware/csrf.js'][48]++;
|
|
return next();
|
|
}
|
|
_$jscoverage['middleware/csrf.js'][51]++;
|
|
var val = value(req);
|
|
_$jscoverage['middleware/csrf.js'][54]++;
|
|
if (val != token) {
|
|
_$jscoverage['middleware/csrf.js'][54]++;
|
|
return next(utils.error(403));
|
|
}
|
|
_$jscoverage['middleware/csrf.js'][56]++;
|
|
next();
|
|
});
|
|
});
|
|
_$jscoverage['middleware/csrf.js'][69]++;
|
|
function defaultValue(req) {
|
|
_$jscoverage['middleware/csrf.js'][70]++;
|
|
return (req.body && req.body._csrf) || (req.query && req.query._csrf) || req.headers["x-csrf-token"];
|
|
}
|
|
_$jscoverage['middleware/csrf.js'].source = ["/*!"," * Connect - csrf"," * Copyright(c) 2011 Sencha Inc."," * MIT Licensed"," */","","/**"," * Module dependencies."," */","","var utils = require('../utils');","","/**"," * Anti CSRF:"," *"," * CRSF protection middleware."," *"," * By default this middleware generates a token named \"_csrf\""," * which should be added to requests which mutate"," * state, within a hidden form field, query-string etc. This"," * token is validated against the visitor's `req.session._csrf`"," * property."," *"," * The default `value` function checks `req.body` generated"," * by the `bodyParser()` middleware, `req.query` generated"," * by `query()`, and the \"X-CSRF-Token\" header field."," *"," * This middleware requires session support, thus should be added"," * somewhere _below_ `session()` and `cookieParser()`."," *"," * Options:"," *"," * - `value` a function accepting the request, returning the token "," *"," * @param {Object} options"," * @api public"," */","","module.exports = function csrf(options) {"," options = options || {};"," var value = options.value || defaultValue;",""," return function(req, res, next){"," // generate CSRF token"," var token = req.session._csrf || (req.session._csrf = utils.uid(24));",""," // ignore these methods"," if ('GET' == req.method || 'HEAD' == req.method || 'OPTIONS' == req.method) return next();",""," // determine value"," var val = value(req);",""," // check"," if (val != token) return next(utils.error(403));"," "," next();"," }","};","","/**"," * Default value function, checking the `req.body`"," * and `req.query` for the CSRF token."," *"," * @param {IncomingMessage} req"," * @return {String}"," * @api private"," */","","function defaultValue(req) {"," return (req.body && req.body._csrf)"," || (req.query && req.query._csrf)"," || (req.headers['x-csrf-token']);","}"];
|