收到“invalid csrf token”(无效的 csrf 令牌)错误

时间:2016-11-02 20:56:56

标签: node.js mongodb

我正在学习 node 和 mongo,目前做了一个简单的网站。在我引入 csurf 模块之前,网站一直正常运行。我按照它的教程操作,但怎么也弄不明白它为什么不起作用。

这是我的用户路由(user.js),也是唯一需要 csurf 的地方:

var express = require('express');
var router = express.Router();
var csrf = require('csurf');
var passport = require('passport');

// Every route registered on this router below is CSRF-protected. With no
// options, csurf keeps its secret in req.session, so express-session has to
// be mounted before this router (app.js does that).
// NOTE(review): csurf has since been deprecated upstream; treat it as unmaintained.
const csrfProtection = csrf();
router.use(csrfProtection);

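// Profile page. The view is rendered with a csrfToken because the logout
// form posts back to this same path and csurf (applied to the whole router
// above) rejects any POST that does not carry the token — without it the
// logout request answers 403 before the handler below ever runs.
router.get('/profile', isLoggedIn, function(req, res, next) {
    res.render('profile', {
        csrfToken: req.csrfToken()
    });
});

// Logout. The profile view must submit the token (e.g. a hidden `_csrf`
// field, which csurf looks for in the parsed body by default).
// req.logout() is called synchronously here; newer passport releases (0.6+)
// expect a callback instead.
router.post('/profile', isLoggedIn, function(req, res, next) {
    req.logout();
    res.redirect('/');
});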


// Gate: everything registered after this point (signup/signin) is for
// anonymous visitors only; authenticated users are sent to '/' by notLoggedIn.
router.use('/', notLoggedIn, (req, res, next) => next());

// Render the signup and signin forms. Each form has to embed csrfToken in a
// hidden field so that the matching POST further down passes csurf.
const renderWithToken = (view) => (req, res, next) => {
    res.render(view, { csrfToken: req.csrfToken() });
};

router.get('/signup', renderWithToken('signup'));
router.get('/signin', renderWithToken('signin'));

// Credential submission. The actual checks live in the passport strategies
// named here (presumably registered by ./config/passport, which app.js
// requires); on failure the flash message is stored and the user is sent
// back to the form, on success to the profile page.
const authOptions = (failureRedirect) => ({
    successRedirect: '/user/profile',
    failureRedirect,
    failureFlash: true
});

router.post('/signup', passport.authenticate('local.signup', authOptions('/user/signup')));
router.post('/signin', passport.authenticate('local.signin', authOptions('/user/signin')));

module.exports = router;

/**
 * Route guard: passes the request on only when passport reports an
 * authenticated session, otherwise redirects to '/'.
 * req.isAuthenticated() is attached by passport once the session
 * middleware has run.
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {Function} next
 * @returns {*} whatever next() returns when authenticated; undefined otherwise
 */
function isLoggedIn(req, res, next) {
    if (!req.isAuthenticated()) {
        res.redirect('/');
        return;
    }
    return next();
}


/**
 * Inverse of isLoggedIn: passes the request on only for anonymous visitors,
 * redirecting already-authenticated users to '/'.
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {Function} next
 * @returns {*} whatever next() returns when anonymous; undefined otherwise
 */
function notLoggedIn(req, res, next) {
    if (req.isAuthenticated()) {
        res.redirect('/');
        return;
    }
    return next();
}

这是错误日志:

    ForbiddenError: invalid csrf token
at csrf (C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\csurf\index.js:112:19)
at Layer.handle [as handle_request] (C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\layer.js:95:5)
at trim_prefix (C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\index.js:312:13)
at C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\index.js:280:7
at Function.process_params (C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\index.js:330:12)
at next (C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\index.js:271:10)
at Function.handle (C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\index.js:176:3)
at router (C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\index.js:46:12)
at Layer.handle [as handle_request] (C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\layer.js:95:5)
at trim_prefix (C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\index.js:312:13)
at C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\index.js:280:7
at Function.process_params (C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\index.js:330:12)
at next (C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\index.js:271:10)
at C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\app.js:48:5
at Layer.handle [as handle_request] (C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\layer.js:95:5)
at trim_prefix (C:\Users\RyanCarruthers\Desktop\shoppingcart\shopping-cart\node_modules\express\lib\router\index.js:312:13)

这是我的 app.js 文件。其中有些内容被我注释掉了,例如之前调试会话(session)时用到的代码。

var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var mongoose = require('mongoose');
var routes = require('./routes/index');
var user = require('./routes/users');
var session = require('express-session');
var passport = require('passport');
var flash = require('connect-flash');

//var MongoStore = require('connect-mongo')(session);

// The application instance every middleware and router below is mounted on.
const app = express();


// NOTE(review): the connection string is hard-coded; a deployment would read
// it (and any credentials) from configuration rather than from source.
mongoose.connect('localhost:27017/shopping');
// Presumably registers the passport strategies used by routes/users — confirm in ./config/passport.
require('./config/passport');

// View engine setup
app.set('view engine', 'hbs');
app.set('views', path.join(__dirname, 'views'));

// Middleware runs in mount order for every request.
// uncomment after placing your favicon in /public
//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.use(logger('dev'));

// Body parsers: csurf's default token lookup includes req.body._csrf, so
// these have to be mounted before any router that uses csurf.
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());

// Session (in-memory default store; no cookie options set, so express-session
// defaults apply). csurf stores its per-session secret here.
// NOTE(review): the session secret is committed in source; it should be
// loaded from the environment or a config file kept out of version control.
app.use(session({
    secret: 'mysupersecret',
    resave: false,
    saveUninitialized: false
}));

app.use(flash());
app.use(passport.initialize());
app.use(passport.session());
app.use(express.static(path.join(__dirname, 'public')));

// Runs on every request: exposes the login state to all views as `login`.
app.use((req, res, next) => {
    res.locals.login = req.isAuthenticated();
    //res.locals.session = req.session;
    next();
});

// Routers: the csurf-protected user routes under '/user', then everything else.
app.use('/user', user);
app.use('/', routes);

module.exports = app;

编辑:好的,我已经解决了 csurf 配置错误的问题。问题出在它试图使用的会话(session)上。我修改了会话配置(我使用的是 express-session 模块),现在可以工作了。但我还有一个注销按钮,它以 POST 方法提交到 '/user/profile',用户应在那里被注销。这个请求返回 403 错误,我不知道为什么。
