// Submit Form Data | |
app.post('/posts', (req, res) => { | |
const inputTitle = req.body.inputTitle; | |
const inputContent = req.body.inputContent; | |
const inputToken = req.body.inputToken; | |
const cookieToken = req.cookies['csrf-token']; | |
// Checking if Cookie Token matches CSRF Token Submitted |
<script> | |
function getTokenAndInject() { | |
const CSRF_TOKEN = Cookies.get('csrf-token'); | |
$("#contentForm").append( | |
`<input type="text" hidden name="inputToken" id="inputToken" value=${CSRF_TOKEN} />` | |
) | |
</script> |
HTTP/1.1 200 OK | |
X-Powered-By: Express | |
Surrogate-Control: no-store | |
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate | |
Pragma: no-cache | |
Expires: 0 | |
Set-Cookie: session-id=ff92a770-d937-11e8-a4f8-eba9f6bc5b66 | |
Set-Cookie: time=1540569516904 | |
Set-Cookie: csrf-token=22fdb868-5f52-45a5-b85b-c5ace7af43e8 | |
Accept-Ranges: bytes |
// Validate Credentials | |
app.post('/home', (req, res) => { | |
const username = req.body.inputUsername; | |
const password = req.body.inputPassword; | |
const sessionID = req.cookies['session-id']; | |
const cookieToken = req.cookies['csrf-token']; | |
if (username === 'root' && password === 'root') { |
// Signs out: drops the server-side session entry (which also discards the CSRF token bound to it) and clears the session cookies
app.post('/logout', (req, res) => { | |
const sessionID = req.cookies['session-id']; | |
delete SESSION_IDS[sessionID]; | |
console.log(sessionID + ': Removed'); | |
res.clearCookie("session-id"); | |
res.clearCookie("time"); |
// Submit Form Data | |
app.post('/posts', (req, res) => { | |
const inputTitle = req.body.inputTitle; | |
const inputContent = req.body.inputContent; | |
const inputToken = req.body.inputToken; | |
const sessionID = req.cookies['session-id']; | |
// Checking if Session ID matches CSRF Cookie | |
if (SESSION_IDS[sessionID] && SESSION_IDS[sessionID] === inputToken) { |
<script> | |
function getTokenAndInject() { | |
$("#errorMessage").hide(); | |
axios.post('/tokens', {withCredentials: true}) | |
.then(response => { | |
$("#contentForm").append( | |
`<input type="text" hidden name="inputToken" id="inputToken" value=${response.data.token} />` | |
) | |
}) | |
.catch(error => { |
// Validate Credentials | |
app.post('/home', (req, res) => { | |
const username = req.body.inputUsername; | |
const password = req.body.inputPassword; | |
if (username === 'root' && password === 'root') { | |
console.log("Home: Logged with valid credentials"); |
// Register the request-processing middleware, in order.
// Body parsers: form-encoded (extended: false => querystring semantics, no
// nested objects) and JSON, so req.body is populated for both the HTML form
// POSTs and the JSON POST issued from the page script.
app.use(
  bodyParser.urlencoded({ extended: false }),
  bodyParser.json(),
);
// cookie-parser populates req.cookies, which the routes read for
// 'session-id' and 'csrf-token'.
app.use(cookieParser());
// nocache() is presumably what adds the Cache-Control / Pragma / Expires /
// Surrogate-Control no-store headers seen on the responses.
app.use(nocache());
// Static file serving for the views directory.
// NOTE(review): express.static serves every file under views/ to anyone,
// including form.html, which the '/' route only sends after checking
// SESSION_IDS. If form.html is meant to be session-gated, keep it out of
// the static root (or serve only its assets from here) — TODO confirm intent.
app.use(express.static('views'));
// Server Startup |
// Login Page Load | |
app.get('/', (req, res) => { | |
const sessionID = req.cookies['session-id']; | |
if (sessionID && SESSION_IDS[sessionID]) { | |
console.log("Login: Valid Session Found !"); | |
res.sendFile('views/form.html', {root: __dirname}); | |
} else { | |
console.log("Login: No Valid Session Found !"); | |
res.sendFile('views/login.html', {root: __dirname}); |