Merge pull request #2964 from mozilla/MNTOR-1166
MNTOR-1166: Moving csrf to routing index
This commit is contained in:
Коммит
361f457c5c
|
@ -18,7 +18,6 @@ import '@sentry/tracing'
|
||||||
import AppConstants from './app-constants.js'
|
import AppConstants from './app-constants.js'
|
||||||
import { localStorage } from './utils/local-storage.js'
|
import { localStorage } from './utils/local-storage.js'
|
||||||
import { errorHandler } from './middleware/error.js'
|
import { errorHandler } from './middleware/error.js'
|
||||||
import { doubleCsrfProtection } from './utils/csrf.js'
|
|
||||||
import { initFluentBundles, updateLocale, getMessageWithLocale, getMessage } from './utils/fluent.js'
|
import { initFluentBundles, updateLocale, getMessageWithLocale, getMessage } from './utils/fluent.js'
|
||||||
import { loadBreachesIntoApp } from './utils/hibp.js'
|
import { loadBreachesIntoApp } from './utils/hibp.js'
|
||||||
import { RateLimitError } from './utils/error.js'
|
import { RateLimitError } from './utils/error.js'
|
||||||
|
@ -175,7 +174,6 @@ app.use(noSearchEngineIndex)
|
||||||
app.use(express.static(staticPath))
|
app.use(express.static(staticPath))
|
||||||
app.use(express.json())
|
app.use(express.json())
|
||||||
app.use(cookieParser(AppConstants.COOKIE_SECRET))
|
app.use(cookieParser(AppConstants.COOKIE_SECRET))
|
||||||
app.use(doubleCsrfProtection)
|
|
||||||
|
|
||||||
const apiLimiter = rateLimit({
|
const apiLimiter = rateLimit({
|
||||||
windowMs: 15 * 60 * 1000, // 15 minutes
|
windowMs: 15 * 60 * 1000, // 15 minutes
|
||||||
|
|
|
@ -19,20 +19,21 @@ import { dialog } from '../controllers/dialog.js'
|
||||||
import { landingPage } from '../controllers/landing.js'
|
import { landingPage } from '../controllers/landing.js'
|
||||||
import { notFoundPage } from '../controllers/notFound.js'
|
import { notFoundPage } from '../controllers/notFound.js'
|
||||||
import { notFound } from '../middleware/error.js'
|
import { notFound } from '../middleware/error.js'
|
||||||
|
import { doubleCsrfProtection } from '../utils/csrf.js'
|
||||||
|
|
||||||
const router = express.Router()
|
const router = express.Router()
|
||||||
|
|
||||||
router.get('/', landingPage)
|
router.get('/', landingPage)
|
||||||
router.get('*/dialog/:name', dialog)
|
router.get('*/dialog/:name', dialog)
|
||||||
|
|
||||||
router.use('/', dockerFlowRoutes)
|
router.use('/admin', doubleCsrfProtection, adminRoutes)
|
||||||
router.use('/admin', adminRoutes)
|
|
||||||
router.use('/api/v1/hibp/', hibpApiRoutes)
|
router.use('/api/v1/hibp/', hibpApiRoutes)
|
||||||
router.use('/api/v1/user/', userApiRoutes)
|
router.use('/api/v1/user/', doubleCsrfProtection, userApiRoutes)
|
||||||
router.use('/oauth', authRoutes)
|
router.use('/oauth', doubleCsrfProtection, authRoutes)
|
||||||
router.use('/user', userRoutes)
|
router.use('/user', doubleCsrfProtection, userRoutes)
|
||||||
router.use('/breaches', breachesRoutes)
|
router.use('/breaches', doubleCsrfProtection, breachesRoutes)
|
||||||
router.use('/breach-details', breachDetailsRoutes)
|
router.use('/breach-details', doubleCsrfProtection, breachDetailsRoutes)
|
||||||
|
router.use('/', doubleCsrfProtection, dockerFlowRoutes)
|
||||||
|
|
||||||
// Do not make the non-auth previews available on prod
|
// Do not make the non-auth previews available on prod
|
||||||
if (AppConstants.NODE_ENV !== 'production') {
|
if (AppConstants.NODE_ENV !== 'production') {
|
||||||
|
|
Загрузка…
Ссылка в новой задаче