crumb - npm Package Compare versions

Comparing version 0.1.3 to 0.2.0

50

lib/index.js

@@ -25,3 +25,3 @@ // Load modules

key: 'crumb', // query or payload key
source: 'payload' // Crunm key source: 'payload', 'query'
source: 'payload' // Crumb key source: 'payload', 'query'
};

@@ -36,8 +36,15 @@

pack.ext('onPreHandler', function (request, next) {
pack.ext('onPostAuth', function (request, next) {
// Validate incoming crumb
if (!request.route.plugins._crumb) {
request.route.plugins._crumb = Hoek.applyToDefaults(internals.routeDefaults, request.route.plugins.crumb);
if (typeof request.route.plugins._crumb === 'undefined') {
if (request.route.plugins.crumb ||
!request.route.plugins.hasOwnProperty('crumb')) {
request.route.plugins._crumb = Hoek.applyToDefaults(internals.routeDefaults, request.route.plugins.crumb || {});
}
else {
request.route.plugins._crumb = false;
}
}

@@ -55,28 +62,37 @@

if (request.route.plugins._crumb) {
var crumb = request[request.route.plugins._crumb.source][request.route.plugins._crumb.key];
if (crumb !== request.plugins.crumb) {
return next(Boom.forbidden());
}
if (request.method !== 'post' ||
!request.route.plugins._crumb) {
// Remove crumb
return next();
}
delete request[request.route.plugins._crumb.source][request.route.plugins._crumb.key];
var content = request[request.route.plugins._crumb.source];
if (!content) {
return next(Boom.forbidden());
}
if (content[request.route.plugins._crumb.key] !== request.plugins.crumb) {
return next(Boom.forbidden());
}
// Remove crumb
delete request[request.route.plugins._crumb.source][request.route.plugins._crumb.key];
return next();
});
pack.ext('onPostHandler', function (request, next) {
pack.ext('onPreResponse', function (request, next) {
// Add to view context
var response = request.response();
if (settings.addToViewContext &&
request.plugins.crumb &&
request.response &&
!request.response.isBoom &&
request.response.varieties.view) {
!response.isBoom &&
response.varieties.view) {
request.response.view.context = request.response.view.context || {};
request.response.view.context.crumb = request.plugins.crumb;
response.view.context = response.view.context || {};
response.view.context.crumb = request.plugins.crumb;
}

@@ -83,0 +99,0 @@
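Review bot: The new guard `if (request.method !== 'post' || !request.route.plugins._crumb) { return next(); }` skips crumb validation for every method except POST, so PUT, DELETE and PATCH routes carrying a crumb config get no CSRF check at all; unless payloads are only available for POST in this hapi version (not visible here), the skip should be keyed on the method being safe rather than equal to 'post', e.g. `var safeMethod = request.method === 'get' || request.method === 'head' || request.method === 'options';` followed by `if (safeMethod || !request.route.plugins._crumb) { return next(); }`. The comparison `content[request.route.plugins._crumb.key] !== request.plugins.crumb` is also satisfied when both sides are undefined, so if request.plugins.crumb can still be unset at onPostAuth (it is assigned outside this hunk), a body with no crumb key would be accepted; `if (!request.plugins.crumb || content[request.route.plugins._crumb.key] !== request.plugins.crumb)` closes that. The onPostAuth handler opens in the previous hunk of this file.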

{
"name": "crumb",
"description": "CSRF crumb generation plugin",
"version": "0.1.3",
"version": "0.2.0",
"author": "Eran Hammer <eran@hueniverse.com> (http://hueniverse.com)",

@@ -21,20 +21,16 @@ "contributors": [],

"boom": "0.3.x",
"hoek": "0.6.x",
"hoek": "0.7.x",
"cryptiles": "0.1.x"
},
"peerDependencies": {
"hapi": "0.15.x"
"hapi": "0.16.x"
},
"devDependencies": {
"hapi": "0.15.x",
"mocha": "1.x.x",
"chai": "1.x.x",
"hapi": "0.16.x",
"handlebars": "1.0.x",
"blanket": "1.0.x",
"travis-cov": "0.2.x"
"lab": "0.0.x",
"complexity-report": "0.x.x"
},
"scripts": {
"test": "make test && make test-cov",
"blanket": { "pattern": "//^((?!\/node_modules\/)(?!\/test\/).)*$/ig", "onlyCwd": true, "data-cover-flags": { "branchTracking": true } },
"travis-cov": { "threshold": 100 }
"test": "make test-cov"
},

@@ -41,0 +37,0 @@ "licenses": [

// Load modules
var Chai = require('chai');
var Lab = require('lab');
var Hapi = require('hapi');
var Crumb = require('../lib');
var Crumb = require('../');

@@ -15,3 +15,7 @@

var expect = Chai.expect;
var expect = Lab.expect;
var before = Lab.before;
var after = Lab.after;
var describe = Lab.experiment;
var it = Lab.test;

@@ -36,3 +40,3 @@

{
method: 'GET', path: '/1', handler: function () {
method: 'GET', path: '/1', config: { plugins: { crumb: false } }, handler: function () {

@@ -49,3 +53,3 @@ expect(this.plugins.crumb).to.exist;

{
method: 'POST', path: '/2', config: { plugins: { crumb: true } }, handler: function () {
method: 'POST', path: '/2', handler: function () {

@@ -55,2 +59,8 @@ expect(this.payload).to.deep.equal({ key: 'value' });

}
},
{
method: 'POST', path: '/3', config: { payload: 'stream' }, handler: function () {
return this.reply('never');
}
}

@@ -64,3 +74,3 @@ ]);

var header = res.headers['Set-Cookie'];
var header = res.headers['set-cookie'];
expect(header.length).to.equal(1);

@@ -79,3 +89,8 @@ expect(header[0]).to.contain('Secure');

expect(res.statusCode).to.equal(403);
done();
server.inject({ method: 'POST', url: '/3', headers: { cookie: 'crumb=' + cookie[1] } }, function (res) {
expect(res.statusCode).to.equal(403);
done();
});
});

@@ -82,0 +97,0 @@ });
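Review bot: The new `/3` case asserts only `expect(res.statusCode).to.equal(403);`, which does not tell the missing-payload branch apart from a crumb mismatch, since lib/index.js answers both with Boom.forbidden(); asserting on the response body or the error message would pin which branch fired. No case sends a state-changing request through a method other than POST to a route with crumb configured, so the POST-only scope of the validation in lib/index.js is not covered by the suite. The enclosing test callback starts before this hunk.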

Sorry, the diff of this file is not supported yet
