renamed middleware to applyCSRF, re: #2082

v1.18.x
Julian Lam 11 years ago
parent 0b7a21b8d1
commit cd135dda13

@ -34,7 +34,7 @@ middleware.authenticate = function(req, res, next) {
} }
}; };
middleware.requireCSRF = csrf(); middleware.applyCSRF = csrf();
middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn(); middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn();
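Review bot: The old name `middleware.requireCSRF` is dropped without an alias on the line that now reads `middleware.applyCSRF = csrf();`, so any caller this commit did not update would pass `undefined` into a route's handler chain. Whether such callers exist (plugins, other route files) cannot be seen from this page, so a transitional alias is the cautious choice: `middleware.requireCSRF = middleware.applyCSRF; // deprecated alias, remove once callers have migrated`. Assuming `csrf()` is the usual connect/csurf middleware, a short comment above the assignment would also help, for example `// issues the token on safe methods, validates it on state-changing ones`, because the new name no longer says the check is enforced.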

@ -9,8 +9,8 @@ function mainRoutes(app, middleware, controllers) {
app.get('/admin/plugins', middleware.admin.buildHeader, controllers.admin.plugins.get); app.get('/admin/plugins', middleware.admin.buildHeader, controllers.admin.plugins.get);
app.get('/api/admin/plugins', controllers.admin.plugins.get); app.get('/api/admin/plugins', controllers.admin.plugins.get);
app.get('/admin/settings', middleware.requireCSRF, middleware.admin.buildHeader, controllers.admin.settings.get); app.get('/admin/settings', middleware.applyCSRF, middleware.admin.buildHeader, controllers.admin.settings.get);
app.get('/api/admin/settings', middleware.requireCSRF, controllers.admin.settings.get); app.get('/api/admin/settings', middleware.applyCSRF, controllers.admin.settings.get);
app.get('/admin/themes', middleware.admin.buildHeader, controllers.admin.themes.get); app.get('/admin/themes', middleware.admin.buildHeader, controllers.admin.themes.get);
app.get('/api/admin/themes', controllers.admin.themes.get); app.get('/api/admin/themes', controllers.admin.themes.get);
@ -43,11 +43,11 @@ function userRoutes(app, middleware, controllers) {
} }
function forumRoutes(app, middleware, controllers) { function forumRoutes(app, middleware, controllers) {
app.get('/admin/categories/active', middleware.requireCSRF, middleware.admin.buildHeader, controllers.admin.categories.active); app.get('/admin/categories/active', middleware.applyCSRF, middleware.admin.buildHeader, controllers.admin.categories.active);
app.get('/api/admin/categories/active', middleware.requireCSRF, controllers.admin.categories.active); app.get('/api/admin/categories/active', middleware.applyCSRF, controllers.admin.categories.active);
app.get('/admin/categories/disabled', middleware.requireCSRF, middleware.admin.buildHeader, controllers.admin.categories.disabled); app.get('/admin/categories/disabled', middleware.applyCSRF, middleware.admin.buildHeader, controllers.admin.categories.disabled);
app.get('/api/admin/categories/disabled', middleware.requireCSRF, controllers.admin.categories.disabled); app.get('/api/admin/categories/disabled', middleware.applyCSRF, controllers.admin.categories.disabled);
app.get('/admin/tags', middleware.admin.buildHeader, controllers.admin.tags.get); app.get('/admin/tags', middleware.admin.buildHeader, controllers.admin.tags.get);
app.get('/api/admin/tags', controllers.admin.tags.get); app.get('/api/admin/tags', controllers.admin.tags.get);
@ -57,10 +57,10 @@ function apiRoutes(app, middleware, controllers) {
// todo, needs to be in api namespace // todo, needs to be in api namespace
app.get('/admin/users/csv', middleware.authenticate, controllers.admin.users.getCSV); app.get('/admin/users/csv', middleware.authenticate, controllers.admin.users.getCSV);
app.post('/admin/category/uploadpicture', middleware.requireCSRF, middleware.authenticate, controllers.admin.uploads.uploadCategoryPicture); app.post('/admin/category/uploadpicture', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadCategoryPicture);
app.post('/admin/uploadfavicon', middleware.requireCSRF, middleware.authenticate, controllers.admin.uploads.uploadFavicon); app.post('/admin/uploadfavicon', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadFavicon);
app.post('/admin/uploadlogo', middleware.requireCSRF, middleware.authenticate, controllers.admin.uploads.uploadLogo); app.post('/admin/uploadlogo', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadLogo);
app.post('/admin/uploadgravatardefault', middleware.requireCSRF, middleware.authenticate, controllers.admin.uploads.uploadGravatarDefault); app.post('/admin/uploadgravatardefault', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadGravatarDefault);
} }
function miscRoutes(app, middleware, controllers) { function miscRoutes(app, middleware, controllers) {

@ -203,8 +203,8 @@ module.exports = function(app, middleware, controllers) {
router.get('/categories/:cid/moderators', getModerators); router.get('/categories/:cid/moderators', getModerators);
router.get('/recent/posts/:term?', getRecentPosts); router.get('/recent/posts/:term?', getRecentPosts);
router.post('/post/upload', middleware.requireCSRF, uploadPost); router.post('/post/upload', middleware.applyCSRF, uploadPost);
router.post('/topic/thumb/upload', middleware.requireCSRF, uploadThumb); router.post('/topic/thumb/upload', middleware.applyCSRF, uploadThumb);
router.post('/user/:userslug/uploadpicture', middleware.requireCSRF, middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.uploadPicture); router.post('/user/:userslug/uploadpicture', middleware.applyCSRF, middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.uploadPicture);
}; };

@ -197,8 +197,8 @@
/* End backwards compatibility block */ /* End backwards compatibility block */
app.post('/logout', logout); app.post('/logout', logout);
app.post('/register', middleware.requireCSRF, register); app.post('/register', middleware.applyCSRF, register);
app.post('/login', middleware.requireCSRF, login); app.post('/login', middleware.applyCSRF, login);
}); });
}); });
}; };
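Review bot: `app.post('/logout', logout)` is the only POST route in this section registered without `middleware.applyCSRF`; `/register` and `/login` directly below it both carry it. A cross-site form post could therefore end a user's session. If that is not intentional, register it as `app.post('/logout', middleware.applyCSRF, logout);` and make sure the logout request sends the token. The enclosing function starts above this hunk, so any CSRF handling applied earlier in it is not visible here.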

@ -21,11 +21,11 @@ function mainRoutes(app, middleware, controllers) {
app.get('/', middleware.buildHeader, controllers.home); app.get('/', middleware.buildHeader, controllers.home);
app.get('/api', controllers.home); app.get('/api', controllers.home);
app.get('/login', middleware.requireCSRF, middleware.redirectToAccountIfLoggedIn, middleware.buildHeader, controllers.login); app.get('/login', middleware.applyCSRF, middleware.redirectToAccountIfLoggedIn, middleware.buildHeader, controllers.login);
app.get('/api/login', middleware.requireCSRF, middleware.redirectToAccountIfLoggedIn, controllers.login); app.get('/api/login', middleware.applyCSRF, middleware.redirectToAccountIfLoggedIn, controllers.login);
app.get('/register', middleware.requireCSRF, middleware.redirectToAccountIfLoggedIn, middleware.buildHeader, controllers.register); app.get('/register', middleware.applyCSRF, middleware.redirectToAccountIfLoggedIn, middleware.buildHeader, controllers.register);
app.get('/api/register', middleware.requireCSRF, middleware.redirectToAccountIfLoggedIn, controllers.register); app.get('/api/register', middleware.applyCSRF, middleware.redirectToAccountIfLoggedIn, controllers.register);
app.get('/confirm/:code', middleware.buildHeader, controllers.confirmEmail); app.get('/confirm/:code', middleware.buildHeader, controllers.confirmEmail);
app.get('/api/confirm/:code', controllers.confirmEmail); app.get('/api/confirm/:code', controllers.confirmEmail);
@ -54,11 +54,11 @@ function staticRoutes(app, middleware, controllers) {
function topicRoutes(app, middleware, controllers) { function topicRoutes(app, middleware, controllers) {
app.get('/api/topic/teaser/:topic_id', controllers.topics.teaser); app.get('/api/topic/teaser/:topic_id', controllers.topics.teaser);
app.get('/topic/:topic_id/:slug/:post_index?', middleware.requireCSRF, middleware.buildHeader, middleware.checkPostIndex, controllers.topics.get); app.get('/topic/:topic_id/:slug/:post_index?', middleware.applyCSRF, middleware.buildHeader, middleware.checkPostIndex, controllers.topics.get);
app.get('/api/topic/:topic_id/:slug/:post_index?', middleware.requireCSRF, middleware.checkPostIndex, controllers.topics.get); app.get('/api/topic/:topic_id/:slug/:post_index?', middleware.applyCSRF, middleware.checkPostIndex, controllers.topics.get);
app.get('/topic/:topic_id/:slug?', middleware.requireCSRF, middleware.buildHeader, middleware.addSlug, controllers.topics.get); app.get('/topic/:topic_id/:slug?', middleware.applyCSRF, middleware.buildHeader, middleware.addSlug, controllers.topics.get);
app.get('/api/topic/:topic_id/:slug?', middleware.requireCSRF, middleware.addSlug, controllers.topics.get); app.get('/api/topic/:topic_id/:slug?', middleware.applyCSRF, middleware.addSlug, controllers.topics.get);
} }
function tagRoutes(app, middleware, controllers) { function tagRoutes(app, middleware, controllers) {
@ -82,11 +82,11 @@ function categoryRoutes(app, middleware, controllers) {
app.get('/api/unread/total', middleware.authenticate, controllers.categories.unreadTotal); app.get('/api/unread/total', middleware.authenticate, controllers.categories.unreadTotal);
app.get('/category/:category_id/:slug/:topic_index', middleware.requireCSRF, middleware.buildHeader, middleware.checkTopicIndex, controllers.categories.get); app.get('/category/:category_id/:slug/:topic_index', middleware.applyCSRF, middleware.buildHeader, middleware.checkTopicIndex, controllers.categories.get);
app.get('/api/category/:category_id/:slug/:topic_index', middleware.requireCSRF, middleware.checkTopicIndex, controllers.categories.get); app.get('/api/category/:category_id/:slug/:topic_index', middleware.applyCSRF, middleware.checkTopicIndex, controllers.categories.get);
app.get('/category/:category_id/:slug?', middleware.requireCSRF, middleware.buildHeader, middleware.addSlug, controllers.categories.get); app.get('/category/:category_id/:slug?', middleware.applyCSRF, middleware.buildHeader, middleware.addSlug, controllers.categories.get);
app.get('/api/category/:category_id/:slug?', middleware.requireCSRF, controllers.categories.get); app.get('/api/category/:category_id/:slug?', middleware.applyCSRF, controllers.categories.get);
} }
function accountRoutes(app, middleware, controllers) { function accountRoutes(app, middleware, controllers) {
@ -108,8 +108,8 @@ function accountRoutes(app, middleware, controllers) {
app.get('/user/:userslug/topics', middleware.buildHeader, middleware.checkGlobalPrivacySettings, controllers.accounts.getTopics); app.get('/user/:userslug/topics', middleware.buildHeader, middleware.checkGlobalPrivacySettings, controllers.accounts.getTopics);
app.get('/api/user/:userslug/topics', middleware.checkGlobalPrivacySettings, controllers.accounts.getTopics); app.get('/api/user/:userslug/topics', middleware.checkGlobalPrivacySettings, controllers.accounts.getTopics);
app.get('/user/:userslug/edit', middleware.requireCSRF, middleware.buildHeader, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountEdit); app.get('/user/:userslug/edit', middleware.applyCSRF, middleware.buildHeader, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountEdit);
app.get('/api/user/:userslug/edit', middleware.requireCSRF, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountEdit); app.get('/api/user/:userslug/edit', middleware.applyCSRF, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountEdit);
app.get('/user/:userslug/settings', middleware.buildHeader, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings); app.get('/user/:userslug/settings', middleware.buildHeader, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings);
app.get('/api/user/:userslug/settings', middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings); app.get('/api/user/:userslug/settings', middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings);
