Comparing version 0.0.8 to 0.0.9
@@ -12,3 +12,3 @@ // Load modules | ||
internals.config = { | ||
internals.defaults = { | ||
name: 'crumb', | ||
@@ -18,3 +18,3 @@ size: 43, // Equal to 256 bits | ||
addToViewContext: true, // If response is a view, add crumb to context | ||
options: { // Cookie options (i.e. hapi server.state) | ||
cookieOptions: { // Cookie options (i.e. hapi server.state) | ||
path: '/' | ||
@@ -33,75 +33,74 @@ } | ||
Hoek.merge(internals.config, options); | ||
var settings = Hoek.applyToDefaults(internals.defaults, options || {}); | ||
pack.state(internals.config.name, internals.config.options); | ||
pack.ext('onPreHandler', internals.onPreHandler); | ||
pack.ext('onPostHandler', internals.onPostHandler); | ||
pack.api({ generate: internals.generate }); | ||
pack.state(settings.name, settings.cookieOptions); | ||
return next(); | ||
}; | ||
pack.ext('onPreHandler', function (request, next) { | ||
// Validate incoming crumb | ||
internals.generate = function (request) { | ||
if (!request.route.plugins._crumb) { | ||
request.route.plugins._crumb = Hoek.applyToDefaults(internals.routeDefaults, request.route.plugins.crumb); | ||
} | ||
var crumb = request.state[internals.config.name]; | ||
if (!crumb) { | ||
crumb = Cryptiles.randomString(internals.config.size); | ||
request.setState(internals.config.name, crumb, internals.config.options); | ||
} | ||
// Set crumb cookie and calculate crumb | ||
request.plugins.crumb = crumb; | ||
return request.plugins.crumb; | ||
}; | ||
if (settings.autoGenerate || | ||
request.route.plugins._crumb) { | ||
generate(request); | ||
} | ||
internals.onPreHandler = function (request, next) { | ||
// Validate crumb | ||
// Validate incoming crumb | ||
if (request.route.plugins._crumb) { | ||
var crumb = request[request.route.plugins._crumb.source][request.route.plugins._crumb.key]; | ||
if (crumb !== request.plugins.crumb) { | ||
return next(Boom.forbidden()); | ||
} | ||
if (!request.route.plugins._crumb) { | ||
request.route.plugins._crumb = Hoek.applyToDefaults(internals.routeDefaults, request.route.plugins.crumb); | ||
} | ||
// Remove crumb | ||
// Set crumb cookie and calculate crumb | ||
delete request[request.route.plugins._crumb.source][request.route.plugins._crumb.key]; | ||
} | ||
if (internals.config.autoGenerate || | ||
request.route.plugins._crumb) { | ||
return next(); | ||
}); | ||
internals.generate(request); | ||
} | ||
pack.ext('onPostHandler', function (request, next) { | ||
// Validate crumb | ||
// Add to view context | ||
if (request.route.plugins._crumb) { | ||
var crumb = request[request.route.plugins._crumb.source][request.route.plugins._crumb.key]; | ||
if (crumb !== request.plugins.crumb) { | ||
return next(Boom.forbidden()); | ||
if (settings.addToViewContext && | ||
request.plugins.crumb && | ||
request.response && | ||
!request.response.isBoom && | ||
request.response.varieties.view) { | ||
request.response.view.context = request.response.view.context || {}; | ||
request.response.view.context.crumb = request.plugins.crumb; | ||
} | ||
// Remove crumb | ||
return next(); | ||
}); | ||
delete request[request.route.plugins._crumb.source][request.route.plugins._crumb.key]; | ||
} | ||
var generate = function (request) { | ||
return next(); | ||
}; | ||
var crumb = request.state[settings.name]; | ||
if (!crumb) { | ||
crumb = Cryptiles.randomString(settings.size); | ||
request.setState(settings.name, crumb, settings.cookieOptions); | ||
} | ||
request.plugins.crumb = crumb; | ||
return request.plugins.crumb; | ||
}; | ||
internals.onPostHandler = function (request, next) { | ||
pack.api({ generate: generate }); | ||
// Add to view context | ||
return next(); | ||
}; | ||
if (internals.config.addToViewContext && | ||
request.plugins.crumb && | ||
request.response && | ||
!request.response.isBoom && | ||
request.response.varieties.view) { | ||
request.response.view.context = request.response.view.context || {}; | ||
request.response.view.context.crumb = request.plugins.crumb; | ||
} | ||
return next(); | ||
}; | ||
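Review bot: In the new `onPreHandler` extension, `request[request.route.plugins._crumb.source][request.route.plugins._crumb.key]` is read without checking that the source container exists. A request to a crumb-protected route that arrives with no parsed payload would presumably throw and surface as a 500 instead of the intended `Boom.forbidden()`. Guarding the lookup keeps the rejection path explicit, e.g. `var bag = request[request.route.plugins._crumb.source] || {};` followed by a `typeof bag[request.route.plugins._crumb.key] !== 'string'` check before the comparison. The comparison itself uses `!==`, which stops at the first differing character; since Cryptiles is already loaded for `randomString`, `Cryptiles.fixedTimeComparison(crumb, request.plugins.crumb)` would be the more conservative check for a secret token. `internals.routeDefaults` is not visible on this page, so the possible values of `source` are inferred.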
{ | ||
"name": "crumb", | ||
"description": "CSRF crumb generation plugin", | ||
"version": "0.0.8", | ||
"version": "0.0.9", | ||
"author": "Eran Hammer <eran@hueniverse.com> (http://hueniverse.com)", | ||
@@ -6,0 +6,0 @@ "contributors": [], |
@@ -55,15 +55,4 @@ // Load modules | ||
var pluginOptions = { | ||
permissions: { | ||
ext: true | ||
}, | ||
plugin: { | ||
options: { | ||
isSecure: true | ||
} | ||
} | ||
}; | ||
server.plugin().allow({ ext: true }).require('../', { cookieOptions: { isSecure: true } }, function (err) { | ||
server.plugin().require('../', pluginOptions, function (err) { | ||
expect(err).to.not.exist; | ||
@@ -70,0 +59,0 @@ server.inject({ method: 'GET', url: '/1' }, function (res) { |