
crumb - npm Package Compare versions

Comparing version 0.0.8 to 0.0.9

99

lib/index.js

@@ -12,3 +12,3 @@ // Load modules

internals.config = {
internals.defaults = {
name: 'crumb',

@@ -18,3 +18,3 @@ size: 43, // Equal to 256 bits

addToViewContext: true, // If response is a view, add crumb to context
options: { // Cookie options (i.e. hapi server.state)
cookieOptions: { // Cookie options (i.e. hapi server.state)
path: '/'

@@ -33,75 +33,74 @@ }

Hoek.merge(internals.config, options);
var settings = Hoek.applyToDefaults(internals.defaults, options || {});
pack.state(internals.config.name, internals.config.options);
pack.ext('onPreHandler', internals.onPreHandler);
pack.ext('onPostHandler', internals.onPostHandler);
pack.api({ generate: internals.generate });
pack.state(settings.name, settings.cookieOptions);
return next();
};
pack.ext('onPreHandler', function (request, next) {
// Validate incoming crumb
internals.generate = function (request) {
if (!request.route.plugins._crumb) {
request.route.plugins._crumb = Hoek.applyToDefaults(internals.routeDefaults, request.route.plugins.crumb);
}
var crumb = request.state[internals.config.name];
if (!crumb) {
crumb = Cryptiles.randomString(internals.config.size);
request.setState(internals.config.name, crumb, internals.config.options);
}
// Set crumb cookie and calculate crumb
request.plugins.crumb = crumb;
return request.plugins.crumb;
};
if (settings.autoGenerate ||
request.route.plugins._crumb) {
generate(request);
}
internals.onPreHandler = function (request, next) {
// Validate crumb
// Validate incoming crumb
if (request.route.plugins._crumb) {
var crumb = request[request.route.plugins._crumb.source][request.route.plugins._crumb.key];
if (crumb !== request.plugins.crumb) {
return next(Boom.forbidden());
}
if (!request.route.plugins._crumb) {
request.route.plugins._crumb = Hoek.applyToDefaults(internals.routeDefaults, request.route.plugins.crumb);
}
// Remove crumb
// Set crumb cookie and calculate crumb
delete request[request.route.plugins._crumb.source][request.route.plugins._crumb.key];
}
if (internals.config.autoGenerate ||
request.route.plugins._crumb) {
return next();
});
internals.generate(request);
}
pack.ext('onPostHandler', function (request, next) {
// Validate crumb
// Add to view context
if (request.route.plugins._crumb) {
var crumb = request[request.route.plugins._crumb.source][request.route.plugins._crumb.key];
if (crumb !== request.plugins.crumb) {
return next(Boom.forbidden());
if (settings.addToViewContext &&
request.plugins.crumb &&
request.response &&
!request.response.isBoom &&
request.response.varieties.view) {
request.response.view.context = request.response.view.context || {};
request.response.view.context.crumb = request.plugins.crumb;
}
// Remove crumb
return next();
});
delete request[request.route.plugins._crumb.source][request.route.plugins._crumb.key];
}
var generate = function (request) {
return next();
};
var crumb = request.state[settings.name];
if (!crumb) {
crumb = Cryptiles.randomString(settings.size);
request.setState(settings.name, crumb, settings.cookieOptions);
}
request.plugins.crumb = crumb;
return request.plugins.crumb;
};
internals.onPostHandler = function (request, next) {
pack.api({ generate: generate });
// Add to view context
return next();
};
if (internals.config.addToViewContext &&
request.plugins.crumb &&
request.response &&
!request.response.isBoom &&
request.response.varieties.view) {
request.response.view.context = request.response.view.context || {};
request.response.view.context.crumb = request.plugins.crumb;
}
return next();
};
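Review bot: Renaming the plugin setting `options` to `cookieOptions` means a consumer who still passes `{ options: { isSecure: true } }` gets no error, and the crumb cookie appears to fall back to the default `{ path: '/' }`, silently losing flags such as Secure. The page has lost its +/- markers, so this reading assumes the `settings` lines are the new side; there `pack.state(settings.name, settings.cookieOptions)` only ever reads the new key. Failing loudly at registration would make the break visible, e.g. `Hoek.assert(!options || !options.options, 'crumb: "options" was renamed to "cookieOptions"');` before the `applyToDefaults` call. Separately, the validation `if (crumb !== request.plugins.crumb)` is carried over unchanged; `if (!Cryptiles.fixedTimeComparison(crumb, request.plugins.crumb))` would reject non-string input and avoid a length-dependent comparison of the token.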
{
"name": "crumb",
"description": "CSRF crumb generation plugin",
"version": "0.0.8",
"version": "0.0.9",
"author": "Eran Hammer <eran@hueniverse.com> (http://hueniverse.com)",

@@ -6,0 +6,0 @@ "contributors": [],

@@ -55,15 +55,4 @@ // Load modules

var pluginOptions = {
permissions: {
ext: true
},
plugin: {
options: {
isSecure: true
}
}
};
server.plugin().allow({ ext: true }).require('../', { cookieOptions: { isSecure: true } }, function (err) {
server.plugin().require('../', pluginOptions, function (err) {
expect(err).to.not.exist;

@@ -70,0 +59,0 @@ server.inject({ method: 'GET', url: '/1' }, function (res) {
