Added csurf and cookie-parser Dependencies and Added Generate CSRF To…

…ken Feature
stanleyowen · Mar 15, 2021 · a00218d · a00218d
1 parent f80ebf5
commit a00218d
Show file tree

Hide file tree

Showing 3 changed files with 172 additions and 0 deletions.
diff --git a/server/index.js b/server/index.js
@@ -1,21 +1,36 @@
 const cors = require('cors');
+const csrf = require('csurf');
 const helmet = require('helmet');
 const express = require('express');
 const passport = require('passport');
 const mongoose = require('mongoose');
+const cookieParser = require('cookie-parser');
 
 const app = express();
 const PORT = process.env.PORT || 5000;
+const csrfProtection = csrf({ cookie: true })
 
 require('dotenv').config();
 require('./config/passport');
 
 app.use(cors());
 app.use(helmet());
 app.use(express.urlencoded({ extended: true }));
+app.use(cookieParser());
 app.use(express.json());
 app.use(passport.initialize());
 
+app.use(csrfProtection, (req, res, next) => {
+    var token = req.csrfToken();
+    res.cookie('XSRF-TOKEN', token);
+    res.locals.csrfToken = token;
+    next();
+});
+
+app.get('/csrf', csrfProtection, (req, res) => {
+    res.json({'XSRF-TOKEN': req.csrfToken()});
+});
+
 const usersRouter = require('./routes/users.route');
 const todoRouter = require('./routes/todo.route');
 const statusRouter = require('./routes/status.route');

diff --git a/server/package-lock.json b/server/package-lock.json
diff --git a/server/package.json b/server/package.json
@@ -12,8 +12,10 @@
   "dependencies": {
     "axios": "^0.21.1",
     "bcrypt": "^5.0.1",
+    "cookie-parser": "^1.4.5",
     "cors": "^2.8.5",
     "crypto": "^1.0.1",
+    "csurf": "^1.11.0",
     "dotenv": "^8.2.0",
     "express": "^4.17.1",
     "helmet": "^4.4.1",