From 2cf2199964f4cfc0385c30e714baf2ad2c51645e Mon Sep 17 00:00:00 2001
From: Shane Kilkelly
Date: Fri, 11 Nov 2016 13:48:29 +0000
Subject: [PATCH] WIP: enable non-csrf routes from modules
---
 services/web/app/coffee/infrastructure/Modules.coffee | 6 +++++-
 services/web/app/coffee/infrastructure/Server.coffee | 9 ++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/services/web/app/coffee/infrastructure/Modules.coffee b/services/web/app/coffee/infrastructure/Modules.coffee
index 0dfbf3fa22..1b3c2ea9a5 100644
--- a/services/web/app/coffee/infrastructure/Modules.coffee
+++ b/services/web/app/coffee/infrastructure/Modules.coffee
@@ -18,6 +18,10 @@ module.exports = Modules =
 applyRouter: (webRouter, apiRouter) ->
 for module in @modules
 module.router?.apply(webRouter, apiRouter)
+
+ applyNonCsrfRouter: (webRouter, apiRouter) ->
+ for module in @modules
+ module.nonCsrfRouter?.apply(webRouter, apiRouter)
 viewIncludes: {}
 loadViewIncludes: (app) ->
@@ -58,4 +62,4 @@ module.exports = Modules =
 return callback(error) if error?
 return callback null, results
-Modules.loadModules()
\ No newline at end of file
+Modules.loadModules()
diff --git a/services/web/app/coffee/infrastructure/Server.coffee b/services/web/app/coffee/infrastructure/Server.coffee
index 1df566b571..6ee9390b93 100644
--- a/services/web/app/coffee/infrastructure/Server.coffee
+++ b/services/web/app/coffee/infrastructure/Server.coffee
@@ -90,9 +90,6 @@ webRouter.use session
 secure: Settings.secureCookie
 store: sessionStore
 key: Settings.cookieName
-webRouter.use csrfProtection
-webRouter.use translations.expressMiddlewear
-webRouter.use translations.setLangBasedOnDomainMiddlewear
 # passport
 webRouter.use passport.initialize()
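Review bot: `applyNonCsrfRouter` in Modules.coffee has no comment stating the contract a module accepts by exporting `nonCsrfRouter`: every route it registers on `webRouter` through this hook is mounted ahead of `csrfProtection` (see the Server.coffee hunk) and so accepts cross-site requests without a token. I would add above the method `# Routes registered via nonCsrfRouter skip csrfProtection; handlers must authenticate each request by other means (e.g. a verified signature or shared secret) and must not rely on the session cookie alone.` Passing `apiRouter` here as well looks redundant if that router never had CSRF protection, which the hunk does not show; consider dropping the argument or documenting why it is needed.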
@@ -113,6 +110,12 @@ Modules.hooks.fire 'passportSetup', passport, (err) ->
 if err?
 logger.err {err}, "error setting up passport in modules"
+Modules.applyNonCsrfRouter(webRouter, apiRouter)
+
+webRouter.use csrfProtection
+webRouter.use translations.expressMiddlewear
+webRouter.use translations.setLangBasedOnDomainMiddlewear
+
 # Measure expiry from last request, not last login
 webRouter.use (req, res, next) ->
 req.session.touch()
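Review bot: The CSRF exemption at `Modules.applyNonCsrfRouter(webRouter, apiRouter)` is purely positional: anything registered on `webRouter` above `webRouter.use csrfProtection` is now exempt, and because the call sits after the session and passport middleware, exempt handlers presumably still see the session-authenticated user (the rest of the passport setup is outside the hunk). A state-changing handler there that trusts the session would have no CSRF defence, so I would either require non-session authentication in those routes or keep `csrfProtection` in its original place and skip it only for an explicit path allowlist. Moving `translations.expressMiddlewear` and `translations.setLangBasedOnDomainMiddlewear` below the call also means the non-CSRF routes run without the translation helpers; if any of them render views, register the translation middleware before `Modules.applyNonCsrfRouter`. A comment such as `# must stay above csrfProtection: module routes registered here are CSRF-exempt` would guard the ordering against later reshuffles.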