我完成了所有必不可少的工作,我看到隐藏值中的令牌,但是当我注销或登录时会出现错误
我尝试在渲染对象中更改为局部变量,但它们相同
// importing express framework
const express = require('express');
const app = express();
// requiring path module
const path = require('path');
// ejs render requiring
const ejs = require('ejs');
// importing body-parser
const bodyParser = require('body-parser');
// connecting mongoosejs
// const mongoose = require('./util/db');
const mongoose = require('mongoose');
// using route
const indexRoute = require('./route/index');
const auth = require("./route/auth");
// cookies parser
const cookieParser = require('cookie-parser');
app.use(cookieParser());
// express session
const session = require('express-session');
const mongodbSession = require('connect-mongodb-session')(session);
// csrf token is added
const csrf = require('csurf');
let store = new mongodbSession({
uri: "mongodb://127.0.0.1:27017/crud",
collection:'session'
});
const crsfProtection = csrf();
app.use(session({secret:'hamse',resave: true,
saveUninitialized: true,store:store}));
app.use(crsfProtection);
app.set('view engine','ejs')
app.set('public','views')
app.use(bodyParser.urlencoded({extended:false}));
app.use(bodyParser.json());
app.use('/',express.static(path.join(__dirname,'public')));
// using middleware
app.use((req,res,next)=>{
res.locals.isAuthenticate= req.session.isLogIn;
res.locals.csrfToken = req.csrfToken();
next();
});
app.use(auth);
app.use(indexRoute);
const PORT = process.env.PORT | 3000;
mongoose
.connect("mongodb://127.0.0.1:27017/crud", {
useNewUrlParser: true,
useFindAndModify: false
})
.then(result => {
console.log("connected");
app.listen(PORT, () => {
console.log("port is working");
});
})
.catch(err => {
console.log("error");
});
“> ForbiddenError:无效的CSRF令牌 在csrf(C:\ Users \ muraadso \ Documents \ crud \ node_modules \ csurf \ index.js:112:19) 在Layer.handle [作为handle_request](C:\ Users \ muraadso \ Documents \ crud \ node_modules \ express \ lib \ router \ layer.js:95:5) 在trim_prefix(C:\ Users \ muraadso \ Documents \ crud \ node_modules \ express \ lib \ router \ index.js:317:13) 在C:\ Users \ muraadso \ Documents \ crud \ node_modules \ express \ lib \ router \ index.js:284:7 在Function.process_params(C:\ Users \ muraadso \ Documents \ crud \ node_modules \ express \ lib \ router \ index.js:335:12) 在下一个(C:\ Users \ muraadso \ Documents \ crud \ node_modules \ express \ lib \ router \ index.js:275:10) 在C:\ Users \ muraadso \ Documents \ crud \ node_modules \ express-session \ index.js:495:7 在C:\ Users \ muraadso \ Documents \ crud \ node_modules \ connect-mongodb-session \ index.js:124:20 结果(C:\ Users \ muraadso \ Documents \ crud \ node_modules \ mongodb \ lib \ utils.js:410:17) 在session.endSession(C:\ Users \ muraadso \ Documents \ crud \ node_modules \ mongodb \ lib \ utils.js:398:11) 在ClientSession.endSession(C:\ Users \ muraadso \ Documents \ crud \ node_modules \ mongodb-core \ lib \ sessions.js:134:41) 在executeCallback(C:\ Users \ muraadso \ Documents \ crud \ node_modules \ mongodb \ lib \ utils.js:395:17) 在handleCallback(C:\ Users \ muraadso \ Documents \ crud \ node_modules \ mongodb \ lib \ utils.js:128:55) 在cursor.next下(C:\ Users \ muraadso \ Documents \ crud \ node_modules \ mongodb \ lib \ operations \ collection_ops.js:598:5) 结果(C:\ Users \ muraadso \ Documents \ crud \ node_modules \ mongodb \ lib \ utils.js:410:17) 在executeCallback(C:\ Users \ muraadso \ Documents \ crud \ node_modules \ mongodb \ lib \ utils.js:402:9)
答案 0 :(得分:0)
在代码中实施csrf是错误的,请尝试替换 这个
app.use(crsfProtection);
到
app.use(crsfProtection());