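require('dotenv').config();
const express = require('express');
const cluster = require('cluster');
const session = require('express-session');
const csrf = require('csurf');
const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser');

const app = express();
const port = 3000;

// Worker count for the cluster primary: one worker per logical CPU.
const totalCPUs = require('node:os').cpus().length;

// csurf keeps its secret in a cookie, which is why cookie-parser is mounted first (below).
const csrfProtect = csrf({ cookie: true });
const parseForm = bodyParser.urlencoded({ extended: false });

app.use(cookieParser());

// Fail fast on a missing session secret: express-session only warns when it is
// constructed without one and then rejects every request, which is harder to diagnose.
const sessionSecret = process.env.CSRFT_SESSION_SECRET;
if (!sessionSecret) {
  throw new Error('CSRFT_SESSION_SECRET must be set');
}

// Session cookie lifetime in milliseconds. Parsed with an explicit radix and
// rejected unless it is a positive integer, so a missing or malformed env value
// cannot silently become a NaN maxAge.
const sessionMaxAge = Number.parseInt(process.env.CSRFT_EXPIRESIN ?? '', 10);
if (!Number.isInteger(sessionMaxAge) || sessionMaxAge <= 0) {
  throw new Error('CSRFT_EXPIRESIN must be a positive integer (milliseconds)');
}

// The previous `keys` option was dropped: it is not an express-session option
// (it belongs to cookie-session) and was ignored; `secret` is what signs the cookie.
const sessionConfig = session({
  secret: sessionSecret,
  resave: false,
  saveUninitialized: false,
  cookie: {
    maxAge: sessionMaxAge,
    sameSite: 'strict',
    httpOnly: true,
    domain: process.env.DOMAIN,
    // TODO: set to true (and app.set('trust proxy', 1) behind a reverse proxy)
    // once the app is served over HTTPS; with false the session cookie is also
    // sent over plain HTTP.
    secure: false,
  },
});
app.use(sessionConfig);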
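// Prefer the non-deprecated property name (Node 16+) but keep running on older
// runtimes that only expose cluster.isMaster.
const isPrimary = cluster.isPrimary ?? cluster.isMaster;
if (isPrimary) {
  console.log(`Number of CPUs is ${totalCPUs}`);
  console.log(`Master ${process.pid} is running`);
  // Fork workers.
  for (let i = 0; i < totalCPUs; i++) {
    cluster.fork();
  }
  // Replace any worker that exits. The exit code and signal were previously
  // accepted but never logged, which hides crash loops; print them so a worker
  // dying repeatedly is visible in the output.
  cluster.on('exit', (worker, code, signal) => {
    console.log(`worker ${worker.process.pid} died (code=${code}, signal=${signal})`);
    console.log("Let's fork another worker!");
    cluster.fork();
  });
} else {
  // runServer is a hoisted function declaration defined below.
  runServer();
}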
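/**
 * Registers the routes on the shared `app` and starts listening on `port`.
 * Called once in every cluster worker (the primary only forks).
 */
function runServer() {
  app.get('/', (req, res) => {
    res.send('Hello World');
  });

  // Issues a CSRF token bound to the csurf secret cookie set on this response.
  app.get('/api/setCSRFToken', csrfProtect, (req, res) => {
    const token = req.csrfToken();
    res.send({ csrfToken: token });
  });

  // parseForm runs before csrfProtect so the token can be read from the form body.
  app.post('/api/checkCSRFToken', parseForm, csrfProtect, (req, res) => {
    res.send({ msg: 'CSRF Token is valid.' });
  });

  // Deliberately unprotected endpoint for the CSRF demonstration: no csrfProtect
  // middleware, so a cross-site form post reaches the handler unchallenged.
  app.post('/api/csrf-vulnerable', (req, res) => {
    res.status(200).json({ result: true, message: 'Hakced..' });
  });

  // csurf rejects a bad token via next(err) with err.code === 'EBADCSRFTOKEN'.
  // Without a handler Express's default error handler answers with an HTML error
  // page; respond with JSON instead so the API is consistent for clients.
  app.use((err, req, res, next) => {
    if (err.code === 'EBADCSRFTOKEN') {
      res.status(403).json({ msg: 'Invalid CSRF token.' });
      return;
    }
    next(err);
  });

  app.listen(port, () => {
    console.log(`Example app listening on port ${port}`);
  });
}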