0
votes

i done all the require work i see token in hidden value but when i log out or login the error will appear

i try to change into locals in the render object but they are same

// importing express framework
const express = require('express');
const app = express();
// requiring path module
const path = require('path');
// ejs render requiring
const ejs = require('ejs');
// importing body-parser
const bodyParser = require('body-parser');
// connecting mongoosejs
// const mongoose = require('./util/db');
const mongoose = require('mongoose');
// using route
const indexRoute = require('./route/index');
const auth = require("./route/auth");

// cookies parser
const cookieParser = require('cookie-parser');
app.use(cookieParser());
// express session
const session = require('express-session');
const mongodbSession = require('connect-mongodb-session')(session);
// csrf token is added
const csrf = require('csurf');
let store = new mongodbSession({
  uri: "mongodb://127.0.0.1:27017/crud",
  collection:'session'
});

const crsfProtection = csrf();

app.use(session({secret:'hamse',resave: true,
  saveUninitialized: true,store:store}));

app.use(crsfProtection);
app.set('view engine','ejs')
app.set('public','views')



app.use(bodyParser.urlencoded({extended:false}));
app.use(bodyParser.json());
app.use('/',express.static(path.join(__dirname,'public')));

// using middleware
app.use((req,res,next)=>{
  res.locals.isAuthenticate= req.session.isLogIn;
  res.locals.csrfToken = req.csrfToken();
  next();
});
app.use(auth);
app.use(indexRoute);



const PORT = process.env.PORT | 3000;
mongoose
  .connect("mongodb://127.0.0.1:27017/crud", {
    useNewUrlParser: true,
    useFindAndModify: false
  })
  .then(result => {
    console.log("connected");
    app.listen(PORT, () => {
      console.log("port is working");
    });
  })
  .catch(err => {
    console.log("error");
  });

"> ForbiddenError: invalid csrf token at csrf (C:\Users\muraadso\Documents\crud\node_modules\csurf\index.js:112:19) at Layer.handle [as handle_request] (C:\Users\muraadso\Documents\crud\node_modules\express\lib\router\layer.js:95:5) at trim_prefix (C:\Users\muraadso\Documents\crud\node_modules\express\lib\router\index.js:317:13) at C:\Users\muraadso\Documents\crud\node_modules\express\lib\router\index.js:284:7 at Function.process_params (C:\Users\muraadso\Documents\crud\node_modules\express\lib\router\index.js:335:12) at next (C:\Users\muraadso\Documents\crud\node_modules\express\lib\router\index.js:275:10) at C:\Users\muraadso\Documents\crud\node_modules\express-session\index.js:495:7 at C:\Users\muraadso\Documents\crud\node_modules\connect-mongodb-session\index.js:124:20 at result (C:\Users\muraadso\Documents\crud\node_modules\mongodb\lib\utils.js:410:17) at session.endSession (C:\Users\muraadso\Documents\crud\node_modules\mongodb\lib\utils.js:398:11) at ClientSession.endSession (C:\Users\muraadso\Documents\crud\node_modules\mongodb-core\lib\sessions.js:134:41) at executeCallback (C:\Users\muraadso\Documents\crud\node_modules\mongodb\lib\utils.js:395:17) at handleCallback (C:\Users\muraadso\Documents\crud\node_modules\mongodb\lib\utils.js:128:55) at cursor.next (C:\Users\muraadso\Documents\crud\node_modules\mongodb\lib\operations\collection_ops.js:598:5) at result (C:\Users\muraadso\Documents\crud\node_modules\mongodb\lib\utils.js:410:17) at executeCallback (C:\Users\muraadso\Documents\crud\node_modules\mongodb\lib\utils.js:402:9)

1
have you followed the documentation? I quickly scrolled through their examples and foudn multiple problems with your code. - Peter

1 Answers

0
votes

Implementing of csrf is wrong in your code try replacing this

app.use(crsfProtection);

to

app.use(crsfProtection());