var express = require('express'),
xero = require('..')
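// NOTE(review): absolute path into one developer's home directory; it is kept
// unchanged because the /request handler further down passes it to
// xero.PublicApplication. It will not resolve on any other machine.
var publicConfigFile = "/Users/jordan.walsh/.xero/public_app_config.json";

// Setup the Express.js server (Express 3.x bundled middleware)
var app = express();
app.use(express.logger());
app.use(express.bodyParser());
app.use(express.cookieParser());

// cookieSession stores the whole session in a cookie signed with `secret`.
// Anyone who knows that value can mint a cookie with `authorized` set, so it
// must not be a literal committed to source. Read it from the environment and
// refuse to start without it. SESSION_SECRET is a name chosen for this
// example; use whatever your deployment's secret management provides.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error('SESSION_SECRET must be set to a long random value');
}
app.use(express.cookieSession({
  secret: sessionSecret,
  // NOTE(review): 123467654456 ms is roughly 3.9 years. A cookie-backed
  // session cannot be revoked server-side, so a captured cookie stays valid
  // for that long. Value kept as the author wrote it; confirm it is intended.
  cookie: { maxAge: 123467654456 }
}));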
// Home Page
app.get('/', function (req, res) {
  // Sessions flagged `authorized` go to the organisation list; all others
  // are sent to /request first.
  var destination = req.session.authorized ? "/organisations" : "/request";
  res.redirect(destination);
});
// Request an OAuth Request Token, and redirects the user to authorize it
app.get('/request', function(req, res) {
var xeroApp = new xero.PublicApplication(publicConfigFile, {
authorizeCallbackUrl: 'http://localhost:3100/access',
runscopeBucketId: "ei635hnc0fem"
});
xeroApp.getRequestToken(function(err, token, secret) {
function setup(options, imports, register) {
var workspace = imports.workspace;
var logger = imports.logger.namespace("web");
// Expres app
var app = express();
// Apply middlewares
app.use(express.cookieParser());
app.use(express.cookieSession({
'key': ['sess', workspace.id].join('.'),
'secret': workspace.secret,
}));
// Error handling
app.use(function(err, req, res, next) {
if(!err) return next();
res.send({
'error': err.message
}, 500);
logger.error(err.stack);
});
// Get User and set it to res object
app.use(function getUser(req, res, next) {
function setup(options, imports, register) {
// Import
var app = imports.server.app;
var workspace = imports.workspace;
// Apply middlewares
app.use(express.cookieParser());
app.use(express.cookieSession({
key: ['sess', workspace.id].join('.'),
secret: workspace.secret,
}));
// Get User and set it to res object
app.use(function getUser(req, res, next) {
// Pause request stream
req.pause();
var uid = req.session.userId;
if(uid) {
return workspace.getUser(uid)
.then(function(user) {
// Set user
res.user = user;
// Activate user
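/**
 * Mount cookie parsing and a cookie-backed session on an Express 3.x app.
 *
 * The session cookie is signed with the value of the SESSION_SECRET
 * environment variable (a name chosen for this example). The previous
 * version signed with a literal committed to source, which lets anyone with
 * read access to the code forge session cookies.
 *
 * @param {Object} app - Express application to configure.
 * @returns {Object} The same `app`, for chaining.
 * @throws {Error} If SESSION_SECRET is unset or empty; nothing is mounted in
 *   that case.
 */
function setSessionStore (app) {
  // Check first so a missing secret never leaves the app half-configured.
  var sessionSecret = process.env.SESSION_SECRET
  if (!sessionSecret) {
    throw new Error('SESSION_SECRET must be set to a long random value')
  }

  app.use(express.cookieParser())
  // TODO: Boolean to load redis
  app.use(express.cookieSession({ secret: sessionSecret }))
  return app
}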
var express = require('express');
var app = express();
var db = require('./data/db.js'),
album_hdlr = require('./handlers/albums.js'),
page_hdlr = require('./handlers/pages.js'),
user_hdlr = require('./handlers/users.js'),
helpers = require('./handlers/helpers.js');
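app.use(express.logger('dev'));
// NOTE(review): in Express 3.x bodyParser() includes the multipart parser,
// which writes uploaded files to the temp directory as the request is parsed.
// It is mounted here ahead of every route, so that happens before
// requireAPILogin runs. Confirm size limits and temp-file cleanup.
app.use(express.bodyParser({ keepExtensions: true }));
app.use(express.static(__dirname + "/../static"));

// Both values sign cookies, so neither may be a literal in source: anyone who
// can read the repository could forge a signed cookie or a whole session.
// COOKIE_SECRET and SESSION_SECRET are names chosen for this example.
var cookieSecret = process.env.COOKIE_SECRET;
var sessionSecret = process.env.SESSION_SECRET;
if (!cookieSecret || !sessionSecret) {
  throw new Error('COOKIE_SECRET and SESSION_SECRET must be set to long random values');
}
app.use(express.cookieParser(cookieSecret));
app.use(express.cookieSession({
  secret: sessionSecret,
  // Connect's cookieSession builds the cookie from `options.cookie`; a
  // top-level `maxAge` appears to be ignored, so the 24-hour lifetime is set
  // where it takes effect.
  cookie: { maxAge: 86400000 }
}));

// Read-only album endpoints are public; the PUT endpoints that create albums
// or add photos sit behind requireAPILogin.
app.get('/v1/albums.json', album_hdlr.list_all);
app.get('/v1/albums/:album_name.json', album_hdlr.album_by_name);
app.put('/v1/albums.json', requireAPILogin, album_hdlr.create_album);

app.get('/v1/albums/:album_name/photos.json', album_hdlr.photos_for_album);
app.put('/v1/albums/:album_name/photos.json',
        requireAPILogin, album_hdlr.add_photo_to_album);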
// add-on requests we support for the purposes of the web interface
// to the server.
app.get('/pages/admin/:sub_page',
var workspace = imports.workspace;
var logger = imports.logger.namespace("web");
// Expres app
var app = express();
if (options.dev) {
app.use(function(req, res, next) {
logger.log("["+req.method+"]", req.url);
next();
});
}
// Apply middlewares
app.use(express.cookieParser());
app.use(express.cookieSession({
'key': ['sess', workspace.id].join('.'),
'secret': workspace.secret,
}));
// Get User and set it to res object
app.use(function getUser(req, res, next) {
var uid = req.session.userId;
if(uid) {
// Pause request stream
req.pause();
return workspace.getUser(uid)
.then(function(user) {
// Set user
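app.configure(function () {
  // The session cookie is signed with this value. The previous literal,
  // "keyboard cat", is the placeholder used in the Express documentation and
  // is effectively public. SESSION_SECRET is a name chosen for this example.
  var sessionSecret = process.env.SESSION_SECRET;
  if (!sessionSecret) {
    throw new Error("SESSION_SECRET must be set to a long random value");
  }

  app.set("views", __dirname + "/views");
  app.set("view engine", "vash");

  app.use(express.favicon());
  app.use(express.logger("dev"));
  app.use(express.bodyParser());
  app.use(express.methodOverride());
  app.use(express.cookieParser());
  app.use(express.cookieSession({ secret: sessionSecret }));
  app.use("/assets", express.static(assetsDir));
  app.use(scriptEnumerator(assetsDir));
  app.use(app.router);

  // Log every error server-side, then hand it to the next error handler.
  app.use(function logErrors(err, req, res, next) {
    console.error(err ? err.stack || err : err);
    next(err);
  });

  // express.errorHandler() is the development handler: it writes the error
  // message and stack trace into the response. Mount it only in development
  // so other environments do not expose internals to clients.
  if (app.get("env") === "development") {
    app.use(express.errorHandler());
  }
});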
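app.configure(function(){
  // The session cookie is signed with this value, so it must not be a short
  // literal in source (previously 'skeletor'): anyone who knows it can forge
  // a session. SESSION_SECRET is a name chosen for this example.
  var sessionSecret = process.env.SESSION_SECRET;
  if (!sessionSecret) {
    throw new Error('SESSION_SECRET must be set to a long random value');
  }

  app.set('views', __dirname + '/views');
  app.set('view engine', 'ejs');

  app.use(express.compress());
  app.use(express.staticCache());
  app.use(express.static(__dirname + '/static', {maxAge: 86400000}));
  app.use(express.bodyParser());
  app.use(express.methodOverride());
  app.use(express.cookieParser());
  app.use(express.cookieSession({
    // maxAge: null gives a browser-session cookie; httpOnly keeps it away
    // from page scripts. NOTE(review): `secure` is not set, so the cookie is
    // also sent over plain HTTP. Add `secure: true` if the site is HTTPS-only.
    cookie: { path: '/', httpOnly: true, maxAge: null },
    secret: sessionSecret
  }));
  app.use(app.router);
});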
app.configure(function() {
//cookieParser should be above session
app.use(express.cookieParser());
//bodyParser should be above methodOverride
app.use(express.bodyParser());
app.use(express.methodOverride());
// Session middleware, labelled "express/redis session storage" by the author.
// NOTE(review): cookieSession keeps the session in a signed cookie on the
// client. As far as I know it has no `store` option in Connect 2.x /
// Express 3.x, so the redisStore below would be constructed but never
// consulted. Confirm against the installed version. Server-side, revocable
// sessions would need express.session({ store: ... }) instead.
// While this stays cookie-backed, session contents are signed but not
// encrypted (the client can read them), and a session cannot be invalidated
// server-side before the cookie's maxAge runs out.
// `secret_key` is defined outside this excerpt.
app.use(express.cookieSession({
secret: secret_key,
store: new redisStore({
host: 'localhost',
port: 6379
}),
cookie: {
// 1000 * 60 * 240 ms = 4 hours
maxAge: 1000 * 60 * 240
}
}));
//connect flash for flash messages
app.use(flash());
//dynamic helpers
app.use(helpers(config.app.name));
}))
app.use(helmet.xssFilter())
app.use(helmet.nosniff())
app.use(helmet.xframe('sameorigin'))
var ninetyDaysInMilliseconds = 90 * 24 * 60 * 60 * 1000
app.use(helmet.hsts({
maxAge: ninetyDaysInMilliseconds,
includeSubdomains: true
}))
}
// One hour in milliseconds; used for both the session cookie and the static
// asset cache lifetime.
var anHour = 60 * 60 * 1000

app.use(express.bodyParser())
// COOKIE_SALT is the cookie-signing secret. cookieSession below is given no
// `secret` of its own, so it presumably falls back to the one cookieParser
// sets on the request. Verify that COOKIE_SALT is always set in deployment.
app.use(express.cookieParser(process.env.COOKIE_SALT))

// httpOnly keeps the cookie away from page scripts; `secure` restricts it to
// HTTPS in production. `proxy: true` trusts the reverse proxy's forwarded
// protocol header when deciding whether the connection counts as secure.
var sessionCookie = {
  maxAge: anHour,
  httpOnly: true,
  secure: isProduction()
}
app.use(express.cookieSession({ proxy: true, cookie: sessionCookie }))

app.use(express.compress())

// Cache static assets for an hour in production; pass no options otherwise.
var cacheControl = null
if (isProduction()) {
  cacheControl = { maxAge: anHour }
}
app.use(express.static(path.join(__dirname, '..', 'build'), cacheControl))
app.post('/register', validateAuthParams(false), function(req, res) {
var name = req.body.wallet_id
auth.register(name, req.body.pin, function(err, token){
if(err) {