/**
 * Test login route: creates and saves a session for a fixed user, then returns
 * the session token to the client in the session cookie.
 *
 * The session is created with the `csrfToken: true` option (presumably asking
 * the store to attach a CSRF token to the session; confirm against the FoalTS
 * docs). This route sets no CSRF cookie, so the client has to obtain the CSRF
 * token some other way.
 *
 * NOTE(review): `{ id: 1 }` is a hard-coded fixture user and no credentials
 * are checked here. A production login route must authenticate the caller
 * before creating a session.
 */
@Post('/login')
async login() {
  const fixtureUser = { id: 1 };
  const sessionOptions = { csrfToken: true };
  const session = await this.store.createAndSaveSessionFromUser(fixtureUser, sessionOptions);

  const response = new HttpResponseOK();
  const sessionToken = session.getToken();
  setSessionCookie(response, sessionToken);
  return response;
}
}
/**
 * API controller guarded by two class-level hooks: session-token
 * authentication read from a cookie (`cookie: true`, backed by `TypeORMStore`)
 * and CSRF-token verification.
 *
 * Because the session token travels in a cookie that the browser attaches
 * automatically, state-changing routes such as the POST below need the CSRF
 * check in addition to authentication.
 *
 * NOTE(review): `@CsrfTokenRequired()` is declared after `@TokenRequired`; it
 * presumably relies on the session loaded by that hook, so keep this order.
 * Confirm against the FoalTS documentation.
 */
@TokenRequired({ cookie: true, store: TypeORMStore })
@CsrfTokenRequired()
class ApiController {
  /** State-changing route used to exercise the hooks; returns an `HttpResponseCreated`. */
  @Post('/products')
  createProduct() {
    const created = new HttpResponseCreated();
    return created;
  }
}
@TokenRequired({
cookie: true,
redirectTo: '/login',
store: TypeORMStore,
})
class PageController {
@Get('/home')
async home(ctx: Context) {
// Normally in an HTML template
describe('[CSRF|regular web app|stateless] Users', () => {
let app: ExpressApplication;
let csrfToken: string;
/**
 * API controller protected only by the CSRF hook, configured with
 * `doubleSubmitCookie: true`. No session or authentication hook is applied.
 *
 * NOTE(review): `doubleSubmitCookie` presumably selects a stateless check in
 * which the token submitted with the request is compared with the token held
 * in the CSRF cookie; confirm against the FoalTS documentation. Such a scheme
 * is only as strong as the cookie's integrity: the token should be signed
 * with a server-side secret and the cookie scoped tightly (Secure, SameSite)
 * so that another origin able to write cookies cannot plant a matching pair.
 */
@CsrfTokenRequired({ doubleSubmitCookie: true })
class ApiController {
  /** State-changing route used to exercise the CSRF check; returns an `HttpResponseCreated`. */
  @Post('/products')
  createProduct() {
    const created = new HttpResponseCreated();
    return created;
  }
}
/**
 * Page controller whose `/home` route hands the client a CSRF token in a
 * cookie. No authentication hook is applied to this class.
 */
class PageController {
  /**
   * Returns 200 OK with a CSRF cookie attached.
   *
   * `getCsrfToken()` is called without a session, so the token is not derived
   * from any session object in this code.
   *
   * @param ctx Request context; not read by this handler.
   */
  @Get('/home')
  async home(ctx: Context) {
    // Normally the token would be embedded in an HTML template.
    const response = new HttpResponseOK();
    const csrfToken = await getCsrfToken();
    setCsrfCookie(response, csrfToken);
    return response;
  }
}
/**
 * Returns 200 OK and attaches a freshly obtained CSRF token as a cookie.
 *
 * `getCsrfToken()` receives no session argument, so nothing in this handler
 * binds the token to a session.
 *
 * @param ctx Request context; not read by this handler.
 */
async home(ctx: Context) {
  // Normally the token would be embedded in an HTML template.
  const response = new HttpResponseOK();
  const csrfToken = await getCsrfToken();
  setCsrfCookie(response, csrfToken);
  return response;
}
}
/**
 * Returns 200 OK with the CSRF token for the current session in the response
 * body, under the `csrfToken` key.
 *
 * The token is obtained from `ctx.session`, so this handler depends on a
 * session having been loaded before it runs.
 *
 * NOTE(review): a token delivered in a response body should only be served
 * to same-origin pages; confirm no permissive CORS policy exposes this route.
 *
 * @param ctx Request context; `ctx.session` is passed to `getCsrfToken`.
 */
async home(ctx: Context) {
  // Normally the token would be embedded in an HTML template.
  const csrfToken = await getCsrfToken(ctx.session);
  return new HttpResponseOK({ csrfToken });
}
}
describe('[CSRF|spa and api|stateless] Users', () => {
let app;
let csrfToken: string;
/**
 * Authentication controller for the stateless SPA/API test: its login route
 * only issues a CSRF cookie.
 */
class AuthController {
  /**
   * Returns 200 OK with a CSRF cookie. No session is created and
   * `getCsrfToken()` is called without one.
   *
   * NOTE(review): no credentials are checked and the token is not tied to a
   * user in this code. This is a test fixture, not a login flow to copy.
   */
  @Post('/login')
  async login() {
    const response = new HttpResponseOK();
    const csrfToken = await getCsrfToken();
    setCsrfCookie(response, csrfToken);
    return response;
  }
}
/**
 * API controller whose routes pass through the CSRF hook with
 * `doubleSubmitCookie: true`. No session or authentication hook is declared.
 *
 * NOTE(review): with this option the hook presumably validates the request
 * by matching the submitted token against the CSRF cookie instead of a
 * server-side session; confirm against the FoalTS documentation. The
 * protection then depends on the token being signed with a secret that stays
 * on the server and on the cookie not being writable from other origins.
 */
@CsrfTokenRequired({ doubleSubmitCookie: true })
class ApiController {
  /** State-changing route used to exercise the CSRF check; returns an `HttpResponseCreated`. */
  @Post('/products')
  createProduct() {
    const created = new HttpResponseCreated();
    return created;
  }
}
/**
 * Root controller of the test application: registers `AuthController`
 * directly and mounts `ApiController` under the `/api` path prefix.
 */
class AppController {
  // Only the routes under '/api' belong to the controller carrying the CSRF hook.
  subControllers = [AuthController, controller('/api', ApiController)];
}
before(async () => {
process.env.SETTINGS_CSRF_SECRET = 'csrf-secret';
/**
 * Test login route: creates and saves a session for a fixed user, then sets
 * two cookies on the 200 OK response: the session token and the CSRF token
 * obtained from that session.
 *
 * NOTE(review): the two cookies serve different purposes. The session cookie
 * should stay out of reach of client script (HttpOnly), while the CSRF cookie
 * has to be readable by the client so it can echo the value back. Confirm the
 * framework's cookie defaults match.
 *
 * NOTE(review): `{ id: 1 }` is a hard-coded fixture user and no credentials
 * are checked. A production login route must authenticate the caller first.
 */
@Post('/login')
async login() {
  const fixtureUser = { id: 1 };
  const sessionOptions = { csrfToken: true };
  const session = await this.store.createAndSaveSessionFromUser(fixtureUser, sessionOptions);

  const response = new HttpResponseOK();
  const sessionToken = session.getToken();
  setSessionCookie(response, sessionToken);

  const csrfToken = await getCsrfToken(session);
  setCsrfCookie(response, csrfToken);
  return response;
}
}
/**
 * API controller guarded by session-token authentication read from a cookie
 * (`cookie: true`, backed by `TypeORMStore`) followed by CSRF-token
 * verification.
 *
 * Cookie-borne session tokens are attached by the browser automatically,
 * which is why the state-changing POST below also carries the CSRF hook.
 *
 * NOTE(review): `@CsrfTokenRequired()` is declared after `@TokenRequired`; it
 * presumably needs the session that hook loads, so do not reorder them.
 * Confirm against the FoalTS documentation.
 */
@TokenRequired({ cookie: true, store: TypeORMStore })
@CsrfTokenRequired()
class ApiController {
  /** State-changing route used to exercise the hooks; returns an `HttpResponseCreated`. */
  @Post('/products')
  createProduct() {
    const created = new HttpResponseCreated();
    return created;
  }
}
/**
 * Root controller of the test application: registers `AuthController`
 * directly and mounts `ApiController` under the `/api` path prefix.
 */
class AppController {
  // The login route lives outside '/api', so it does not pass through ApiController's hooks.
  subControllers = [AuthController, controller('/api', ApiController)];
}
before(async () => {
process.env.SETTINGS_SESSION_SECRET = 'session-secret';
/**
 * Test login handler: creates and saves a session for a fixed user and
 * returns 200 OK carrying both the session cookie and a CSRF cookie whose
 * token is obtained from that session.
 *
 * NOTE(review): `{ id: 1 }` is a fixture and no credentials are verified. A
 * production handler must authenticate the caller before creating a session.
 */
async login() {
  const fixtureUser = { id: 1 };
  const sessionOptions = { csrfToken: true };
  const session = await this.store.createAndSaveSessionFromUser(fixtureUser, sessionOptions);

  const response = new HttpResponseOK();
  const sessionToken = session.getToken();
  setSessionCookie(response, sessionToken);

  const csrfToken = await getCsrfToken(session);
  setCsrfCookie(response, csrfToken);
  return response;
}
}
/**
 * Test login handler for the session-less variant: returns 200 OK with a CSRF
 * cookie and nothing else. `getCsrfToken()` is called without a session.
 *
 * NOTE(review): no credentials are checked and no session is created here.
 * The handler exists only to hand the client a CSRF token.
 */
async login() {
  const response = new HttpResponseOK();
  const csrfToken = await getCsrfToken();
  setCsrfCookie(response, csrfToken);
  return response;
}
}