const express = require("express");
const session = require('express-session');
const bodyParser = require('body-parser');
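// Demo server (fork of auth0-blog/csrf-sample-app): in-memory state, one hard-coded user.
const port = 3000;
const app = express();
// Shared in-memory review list. Nothing reassigns it (handlers only push), it grows
// without bound, and it is lost on restart.
const reviews = [];

app.set('views', './templates');
app.set('view engine', 'ejs');
app.use(express.static('public'));
app.use(session({
  // Do not ship a literal session secret: read it from the environment; the original
  // literal stays only as a fallback so the sample still runs out of the box.
  // `||` (not `??`) on purpose — an empty SESSION_SECRET is not a usable secret.
  secret: process.env.SESSION_SECRET || 'my-secret',
  resave: true,
  // A session row is created for every visitor, logged in or not.
  saveUninitialized: true,
  cookie: {
    httpOnly: true
    // NOTE(review): no `sameSite` and no `secure` flag. The cookie is therefore sent on
    // cross-site form POSTs, which is what makes the POST /reviews and POST /user routes
    // below CSRF targets. Outside this demo set `sameSite: 'lax'` (or 'strict') and
    // `secure: true` behind HTTPS.
  }
}));
// `extended: true` lets a form submit nested arrays/objects (`field[]=x`), so
// req.body fields are not guaranteed to be strings — handlers must check the type.
app.use(bodyParser.urlencoded({ extended: true }));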
// GET / — home page: the review list plus whatever login state the session holds.
app.get('/', (req, res) => {
  const { isValid: isValidSession, username } = req.session;
  res.render('index', { isValidSession, username, reviews });
});
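// POST /reviews — appends a review for a logged-in user, then re-renders the home page.
// NOTE(review): this state-changing POST is authenticated by the session cookie alone;
// there is no CSRF token and no Origin/Referer check, so any page the victim visits can
// submit it on their behalf. This is the route the sample's CSRF demo targets.
function postReview(req, res) {
  const { newReview } = req.body;
  // Accept only non-empty strings: `extended: true` body parsing can hand us arrays or
  // objects, which the original pushed into the list unchanged.
  if (req.session.isValid && typeof newReview === 'string' && newReview !== '') {
    reviews.push(newReview);
  }
  // Same template as GET /. Whether user-supplied reviews are HTML-escaped depends on the
  // template using <%= %> rather than <%- %> — not visible here; confirm in templates/.
  res.render('index', {
    isValidSession: req.session.isValid,
    username: req.session.username,
    reviews
  });
}
app.post('/reviews', postReview);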
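// GET /session/new — demo "login": marks the session valid as the fixed user Alice.
// A GET that mutates state is acceptable only as a sample stub; a real login is a POST
// with credentials.
function createSession(req, res, next) {
  // Issue a fresh session id on login so an id obtained before authentication
  // cannot be carried over into the authenticated session (session fixation).
  req.session.regenerate(function (err) {
    if (err) return next(err);
    req.session.isValid = true;
    req.session.username = 'Alice';
    req.session.email = 'alice@acme.com';
    res.redirect('/');
  });
}
app.get('/session/new', createSession);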
// GET /user — profile page; anonymous visitors are bounced to the home page.
app.get('/user', (req, res) => {
  if (!req.session.isValid) {
    res.redirect('/');
    return;
  }
  const { username, email } = req.session;
  res.render('user', { username, email });
});
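// POST /user — updates the logged-in user's profile from the submitted form.
// NOTE(review): like POST /reviews, this is authenticated by the session cookie alone with
// no CSRF token and no Origin/Referer check, so a cross-site form can rewrite the
// victim's profile. Add a per-session token check here before reusing this pattern.
function updateUser(req, res) {
  if (!req.session.isValid) {
    res.redirect('/');
    return;
  }
  // `extended: true` parsing can yield arrays/objects (`username[]=x`), so only plain
  // strings are stored; a missing or malformed field leaves the current value in place
  // instead of overwriting it with undefined.
  const { username, email } = req.body;
  if (typeof username === 'string') req.session.username = username;
  if (typeof email === 'string') req.session.email = email;
  res.redirect('/user');
}
app.post('/user', updateUser);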
// Start the HTTP listener; only announces the local URL, no error handling on the server.
app.listen(port, function () {
  console.log(`The server is listening at http://localhost:${port}`);
});