
express-user


express-user - npm Package Compare versions

Comparing version 0.0.1-alpha.9 to 0.0.1-alpha.10

example/Views/Index.ejs

29

example/Example.js

@@ -5,5 +5,7 @@ //Copyright (c) 2015 Eric Vallee <eric_vallee2003@yahoo.ca>

var Http = require('http');
var Path = require('path');
var Express = require('express');
var Path = require('path');
var BodyParser = require('body-parser');
var Csrf = require('csurf');

@@ -28,5 +30,9 @@ var MongoDB = require('mongodb');

var ExpressBruteOptions = {'freeRetries': 10, 'minWait': Wait, 'maxWait': Wait, 'lifetime': 60*60, 'refreshTimeoutOnRequest': false};
var StaticPath = Path.resolve(__dirname, 'Static');
var Index = Path.resolve(Path.resolve(__dirname, "Views"), "Index.html");
App.set("view engine", "ejs");
App.set("views", Path.resolve(__dirname, "Views"));
var CsrfRoute = Csrf({ cookie: false });
MongoDB.MongoClient.connect("mongodb://localhost:27017/"+RandomIdentifier, {native_parser:true}, function(Err, DB) {

@@ -36,3 +42,3 @@ DB.createCollection('PasswordAccess', {'w': 1}, function(Err, BruteCollection) {

var ExpressBrute = new ExpressBruteAPI(BruteStore, ExpressBruteOptions);
var ExpressUserLocalOptions = {'BruteForceRoute': ExpressBrute.prevent};
var ExpressUserLocalOptions = {'BruteForceRoute': ExpressBrute.prevent, 'CsrfRoute': CsrfRoute};
UserStoreAPI(DB, {'Email': {'Unique': 1, 'NotNull': 1}, 'Username': {'Unique': 1, 'NotNull': 1}, 'Password': {'NotNull': 1}}, function(Err, UserStore) {

@@ -95,6 +101,19 @@ SessionStoreAPI(DB, function(Err, SessionStore) {

App.get('/', function(Req,Res) {
Res.sendFile(Index);
App.get('/', CsrfRoute);
App.get('/', function(Req, Res) {
Res.render("Index", {'CsrfToken': Req.csrfToken()});
});
App.use('/', function(Err, Req, Res, Next) {
if(Err.code !== 'EBADCSRFTOKEN')
{
next(Err);
return;
}
else
{
Res.status(403).end();
}
});
Http.createServer(App).listen(8080);

@@ -101,0 +120,0 @@ }, SessionStoreOptions);
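Review bot: The error handler registered with `App.use('/', function(Err, Req, Res, Next)` calls `next(Err)`, but its fourth parameter is declared as `Next`. Unless a lowercase `next` exists in an enclosing scope not shown here, any error other than `EBADCSRFTOKEN` throws a ReferenceError inside the handler instead of being passed on, so the call should read `Next(Err);`. The 403 branch also ends the response without recording anything; a line such as `console.warn('CSRF token rejected for ' + Req.originalUrl);` before `Res.status(403).end();` would give operators a signal when tokens are rejected. The enclosing `SessionStoreAPI` callback starts and ends outside the visible hunk.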

@@ -24,2 +24,7 @@ //Copyright (c) 2015 Eric Vallee <eric_vallee2003@yahoo.ca>

});
var Csrf = this.children('input[name=_csrf]');
Csrf.each(function(Index, Element) {
var WrappedElement = jQuery(Element);
ToReturn[WrappedElement.attr('name')] = WrappedElement.val();
});
return ToReturn;

@@ -26,0 +31,0 @@ }

6

package.json
{
"name": "express-user",
"version": "0.0.1-alpha.9",
"version": "0.0.1-alpha.10",
"description": "Ressource Oriented Express Middleware to Manage Users.",

@@ -40,3 +40,5 @@ "keywords": [

"express-brute": "~0.5.2",
"express-brute-mongo": "~0.1.0"
"express-brute-mongo": "~0.1.0",
"csurf": "~1.7.0",
"ejs": "~2.2.4"
},

@@ -43,0 +45,0 @@ "license": "MIT",

@@ -233,1 +233,7 @@ Express-User

- Updated the client-side of the example to changes made to express-user-local.
0.0.1-alpha.10
--------------
- Updated dev dependency of express-user-local to 0.0.1-alpha.7.
- Modified example (client and server) to include csrf mitigation.

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
