import Crowi from 'server/crowi'
import Debug from 'debug'
// Namespaced logger for this middleware; the `debug` package only emits output
// when the 'crowi:middlewares:csrfVerify' namespace is enabled (e.g. via DEBUG).
const debug = Debug('crowi:middlewares:csrfVerify')
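/**
 * Builds the middleware that rejects requests which do not carry a valid CSRF token.
 *
 * The token is read from `req.body._csrf` first, then from `req.query._csrf`, and is
 * checked with `crowi.getTokens().verify(key, token)` against a key taken from the
 * session id. Requests flagged with `req.skipCsrfVerify` bypass the check entirely.
 *
 * @param crowi - application instance that supplies the token verifier
 * @returns a `(req, res, next)` middleware that calls `next()` when the request is
 *   skipped or verified, and responds with HTTP 403 otherwise
 */
export default (crowi: Crowi) => {
  return (req, res, next) => {
    debug('req.skipCsrfVerify', req.skipCsrfVerify)
    // NOTE(review): any earlier middleware that sets skipCsrfVerify switches CSRF
    // protection off for the request — audit every place that sets this flag.
    if (req.skipCsrfVerify) {
      debug('csrf verify skipped')
      return next()
    }

    // req.body / req.query can be undefined when no parser ran for this request;
    // guard the lookups so a missing body yields a 403 instead of a TypeError.
    const candidate = (req.body && req.body._csrf) || (req.query && req.query._csrf) || null
    // Body and query parsers can produce arrays or objects for `_csrf`; only a plain
    // string is handed to the verifier, anything else is treated as "no token".
    const token = typeof candidate === 'string' ? candidate : null
    // NOTE(review): tokens accepted from the query string end up in URLs (access logs,
    // browser history, Referer). Prefer the body or a header for state-changing requests.

    // NOTE(review): every request without a session shares the key 'anon', so a token
    // issued to one sessionless client presumably verifies for any other — confirm that
    // no state-changing route is reachable without a session.
    const csrfKey = (req.session && req.session.id) || 'anon'

    if (crowi.getTokens().verify(csrfKey, token)) {
      return next()
    }

    // Log only whether a session and a token were present: the session id and the
    // token itself are credentials and must not be written to debug output.
    debug('csrf verification failed. return 403', {
      hasSession: Boolean(req.session && req.session.id),
      hasToken: token !== null,
    })
    return res.sendStatus(403)
  }
}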