renamed middleware to applyCSRF, re: #2082

src/middleware/middleware.js

@@ -34,7 +34,7 @@ middleware.authenticate = function(req, res, next) {
 	}
 };
 
-middleware.requireCSRF = csrf();
+middleware.applyCSRF = csrf();
 
 middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn();
 

src/routes/admin.js

@@ -9,8 +9,8 @@ function mainRoutes(app, middleware, controllers) {
 	app.get('/admin/plugins', middleware.admin.buildHeader, controllers.admin.plugins.get);
 	app.get('/api/admin/plugins', controllers.admin.plugins.get);
 
-	app.get('/admin/settings', middleware.requireCSRF, middleware.admin.buildHeader, controllers.admin.settings.get);
-	app.get('/api/admin/settings', middleware.requireCSRF, controllers.admin.settings.get);
+	app.get('/admin/settings', middleware.applyCSRF, middleware.admin.buildHeader, controllers.admin.settings.get);
+	app.get('/api/admin/settings', middleware.applyCSRF, controllers.admin.settings.get);
 
 	app.get('/admin/themes', middleware.admin.buildHeader, controllers.admin.themes.get);
 	app.get('/api/admin/themes', controllers.admin.themes.get);
@@ -43,11 +43,11 @@ function userRoutes(app, middleware, controllers) {
 }
 
 function forumRoutes(app, middleware, controllers) {
-	app.get('/admin/categories/active', middleware.requireCSRF, middleware.admin.buildHeader, controllers.admin.categories.active);
-	app.get('/api/admin/categories/active', middleware.requireCSRF, controllers.admin.categories.active);
+	app.get('/admin/categories/active', middleware.applyCSRF, middleware.admin.buildHeader, controllers.admin.categories.active);
+	app.get('/api/admin/categories/active', middleware.applyCSRF, controllers.admin.categories.active);
 
-	app.get('/admin/categories/disabled', middleware.requireCSRF, middleware.admin.buildHeader, controllers.admin.categories.disabled);
-	app.get('/api/admin/categories/disabled', middleware.requireCSRF, controllers.admin.categories.disabled);
+	app.get('/admin/categories/disabled', middleware.applyCSRF, middleware.admin.buildHeader, controllers.admin.categories.disabled);
+	app.get('/api/admin/categories/disabled', middleware.applyCSRF, controllers.admin.categories.disabled);
 
 	app.get('/admin/tags', middleware.admin.buildHeader, controllers.admin.tags.get);
 	app.get('/api/admin/tags', controllers.admin.tags.get);
@@ -57,10 +57,10 @@ function apiRoutes(app, middleware, controllers) {
 	// todo, needs to be in api namespace
 	app.get('/admin/users/csv', middleware.authenticate, controllers.admin.users.getCSV);
 
-	app.post('/admin/category/uploadpicture', middleware.requireCSRF, middleware.authenticate, controllers.admin.uploads.uploadCategoryPicture);
-	app.post('/admin/uploadfavicon', middleware.requireCSRF, middleware.authenticate, controllers.admin.uploads.uploadFavicon);
-	app.post('/admin/uploadlogo', middleware.requireCSRF, middleware.authenticate, controllers.admin.uploads.uploadLogo);
-	app.post('/admin/uploadgravatardefault', middleware.requireCSRF, middleware.authenticate, controllers.admin.uploads.uploadGravatarDefault);
+	app.post('/admin/category/uploadpicture', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadCategoryPicture);
+	app.post('/admin/uploadfavicon', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadFavicon);
+	app.post('/admin/uploadlogo', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadLogo);
+	app.post('/admin/uploadgravatardefault', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadGravatarDefault);
 }
 
 function miscRoutes(app, middleware, controllers) {

src/routes/api.js

@@ -203,8 +203,8 @@ module.exports =  function(app, middleware, controllers) {
 	router.get('/categories/:cid/moderators', getModerators);
 	router.get('/recent/posts/:term?', getRecentPosts);
 
-	router.post('/post/upload', middleware.requireCSRF, uploadPost);
-	router.post('/topic/thumb/upload', middleware.requireCSRF, uploadThumb);
-	router.post('/user/:userslug/uploadpicture', middleware.requireCSRF, middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.uploadPicture);
+	router.post('/post/upload', middleware.applyCSRF, uploadPost);
+	router.post('/topic/thumb/upload', middleware.applyCSRF, uploadThumb);
+	router.post('/user/:userslug/uploadpicture', middleware.applyCSRF, middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.uploadPicture);
 
 };

src/routes/authentication.js

@@ -197,8 +197,8 @@
 				/* End backwards compatibility block */
 
 				app.post('/logout', logout);
-				app.post('/register', middleware.requireCSRF, register);
-				app.post('/login', middleware.requireCSRF, login);
+				app.post('/register', middleware.applyCSRF, register);
+				app.post('/login', middleware.applyCSRF, login);
 			});
 		});
 	};

src/routes/index.js

@@ -21,11 +21,11 @@ function mainRoutes(app, middleware, controllers) {
 	app.get('/', middleware.buildHeader, controllers.home);
 	app.get('/api', controllers.home);
 
-	app.get('/login', middleware.requireCSRF, middleware.redirectToAccountIfLoggedIn, middleware.buildHeader, controllers.login);
-	app.get('/api/login', middleware.requireCSRF, middleware.redirectToAccountIfLoggedIn, controllers.login);
+	app.get('/login', middleware.applyCSRF, middleware.redirectToAccountIfLoggedIn, middleware.buildHeader, controllers.login);
+	app.get('/api/login', middleware.applyCSRF, middleware.redirectToAccountIfLoggedIn, controllers.login);
 
-	app.get('/register', middleware.requireCSRF, middleware.redirectToAccountIfLoggedIn, middleware.buildHeader, controllers.register);
-	app.get('/api/register', middleware.requireCSRF, middleware.redirectToAccountIfLoggedIn, controllers.register);
+	app.get('/register', middleware.applyCSRF, middleware.redirectToAccountIfLoggedIn, middleware.buildHeader, controllers.register);
+	app.get('/api/register', middleware.applyCSRF, middleware.redirectToAccountIfLoggedIn, controllers.register);
 
 	app.get('/confirm/:code', middleware.buildHeader, controllers.confirmEmail);
 	app.get('/api/confirm/:code', controllers.confirmEmail);
@@ -54,11 +54,11 @@ function staticRoutes(app, middleware, controllers) {
 function topicRoutes(app, middleware, controllers) {
 	app.get('/api/topic/teaser/:topic_id', controllers.topics.teaser);
 
-	app.get('/topic/:topic_id/:slug/:post_index?', middleware.requireCSRF, middleware.buildHeader, middleware.checkPostIndex, controllers.topics.get);
-	app.get('/api/topic/:topic_id/:slug/:post_index?', middleware.requireCSRF, middleware.checkPostIndex, controllers.topics.get);
+	app.get('/topic/:topic_id/:slug/:post_index?', middleware.applyCSRF, middleware.buildHeader, middleware.checkPostIndex, controllers.topics.get);
+	app.get('/api/topic/:topic_id/:slug/:post_index?', middleware.applyCSRF, middleware.checkPostIndex, controllers.topics.get);
 
-	app.get('/topic/:topic_id/:slug?', middleware.requireCSRF, middleware.buildHeader, middleware.addSlug, controllers.topics.get);
-	app.get('/api/topic/:topic_id/:slug?', middleware.requireCSRF, middleware.addSlug, controllers.topics.get);
+	app.get('/topic/:topic_id/:slug?', middleware.applyCSRF, middleware.buildHeader, middleware.addSlug, controllers.topics.get);
+	app.get('/api/topic/:topic_id/:slug?', middleware.applyCSRF, middleware.addSlug, controllers.topics.get);
 }
 
 function tagRoutes(app, middleware, controllers) {
@@ -82,11 +82,11 @@ function categoryRoutes(app, middleware, controllers) {
 
 	app.get('/api/unread/total', middleware.authenticate, controllers.categories.unreadTotal);
 
-	app.get('/category/:category_id/:slug/:topic_index', middleware.requireCSRF, middleware.buildHeader, middleware.checkTopicIndex, controllers.categories.get);
-	app.get('/api/category/:category_id/:slug/:topic_index', middleware.requireCSRF, middleware.checkTopicIndex, controllers.categories.get);
+	app.get('/category/:category_id/:slug/:topic_index', middleware.applyCSRF, middleware.buildHeader, middleware.checkTopicIndex, controllers.categories.get);
+	app.get('/api/category/:category_id/:slug/:topic_index', middleware.applyCSRF, middleware.checkTopicIndex, controllers.categories.get);
 
-	app.get('/category/:category_id/:slug?', middleware.requireCSRF, middleware.buildHeader, middleware.addSlug, controllers.categories.get);
-	app.get('/api/category/:category_id/:slug?', middleware.requireCSRF, controllers.categories.get);
+	app.get('/category/:category_id/:slug?', middleware.applyCSRF, middleware.buildHeader, middleware.addSlug, controllers.categories.get);
+	app.get('/api/category/:category_id/:slug?', middleware.applyCSRF, controllers.categories.get);
 }
 
 function accountRoutes(app, middleware, controllers) {
@@ -108,8 +108,8 @@ function accountRoutes(app, middleware, controllers) {
 	app.get('/user/:userslug/topics', middleware.buildHeader, middleware.checkGlobalPrivacySettings, controllers.accounts.getTopics);
 	app.get('/api/user/:userslug/topics', middleware.checkGlobalPrivacySettings, controllers.accounts.getTopics);
 
-	app.get('/user/:userslug/edit', middleware.requireCSRF, middleware.buildHeader, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountEdit);
-	app.get('/api/user/:userslug/edit', middleware.requireCSRF, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountEdit);
+	app.get('/user/:userslug/edit', middleware.applyCSRF, middleware.buildHeader, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountEdit);
+	app.get('/api/user/:userslug/edit', middleware.applyCSRF, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountEdit);
 
 	app.get('/user/:userslug/settings', middleware.buildHeader, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings);
 	app.get('/api/user/:userslug/settings', middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings);