How to use lusca - 10 common examples

To help you get started, we’ve selected a few lusca examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github qawemlilo / nodeza / lib / middleware.js View on Github external
"use strict";

const _ = require('lodash');
const csrf = require('lusca').csrf();


module.exports.returnTo = function() {
  return function (req, res, next) {
    // Keep track of previous URL to redirect back to
    // original destination after a successful login.
    if (req.method !== 'GET') {
      return next();
    }

    let path = req.path.split('/')[1];

    if (/(auth|login|logout|signup)$/i.test(path)) {
      return next();
    }
github avoidwork / tenso / src / utility.js View on Github external
luscaCsp = lusca.csp(config.security.csp);
		obj.server.use(luscaCsp).blacklist(luscaCsp);
	}

	if (!isEmpty(config.security.xframe || "")) {
		luscaXframe = lusca.xframe(config.security.xframe);
		obj.server.use(luscaXframe).blacklist(luscaXframe);
	}

	if (!isEmpty(config.security.p3p || "")) {
		luscaP3p = lusca.p3p(config.security.p3p);
		obj.server.use(luscaP3p).blacklist(luscaP3p);
	}

	if (config.security.hsts instanceof Object) {
		luscaHsts = lusca.hsts(config.security.hsts);
		obj.server.use(luscaHsts).blacklist(luscaHsts);
	}

	if (config.security.xssProtection instanceof Object) {
		luscaXssProtection = lusca.xssProtection(config.security.xssProtection);
		obj.server.use(luscaXssProtection).blacklist(luscaXssProtection);
	}

	// Can fork to `middleware.keymaster()`
	obj.server.use(middleware.zuul).blacklist(middleware.zuul);

	if (stateless && !stateful) {
		init(false);
	} else {
		init(true);
github MrDemonWolf / share / src / index.js View on Github external
app.use((req, res, next) => {
  if (
    // req.path === '/api/v1' ||
    req.path === '/api' ||
    RegExp('/api/.*').test(req.path) ||
    process.env.NODE_ENV === 'test'
  ) {
    // Multer multipart/form-data handling needs to occur before the Lusca CSRF check.
    // eslint-disable-next-line no-underscore-dangle
    res.locals._csrf = '';
    next();
  } else {
    lusca.referrerPolicy('same-origin');
    lusca.csrf()(req, res, next);
  }
});
/**
github avoidwork / tenso / lib / utility.js View on Github external
luscaXframe = lusca.xframe(config.security.xframe);
		obj.always(luscaXframe).blacklist(luscaXframe);
	}

	if (isEmpty(config.security.p3p || "") === false) {
		luscaP3p = lusca.p3p(config.security.p3p);
		obj.always(luscaP3p).blacklist(luscaP3p);
	}

	if (config.security.hsts instanceof Object) {
		luscaHsts = lusca.hsts(config.security.hsts);
		obj.always(luscaHsts).blacklist(luscaHsts);
	}

	if (config.security.xssProtection) {
		luscaXssProtection = lusca.xssProtection(config.security.xssProtection);
		obj.always(luscaXssProtection).blacklist(luscaXssProtection);
	}

	if (config.security.nosniff) {
		luscaNoSniff = lusca.nosniff();
		obj.always(luscaNoSniff).blacklist(luscaNoSniff);
	}

	// Can fork to `middleware.keymaster()`
	obj.always(middleware.zuul).blacklist(middleware.zuul);

	passportInit = passport.initialize();
	obj.always(passportInit).blacklist(passportInit);

	if (stateless === false) {
		passportSession = passport.session();
github GeekyAnts / express-typescript / src / middlewares / CsrfToken.ts View on Github external
// does not contains the api substring
		_express.use((req, res, next) => {
			const apiPrefix = Locals.config().apiPrefix;

			if (req.originalUrl.includes(`/${apiPrefix}/`)) {
				next();
			} else {
				lusca.csrf()(req, res, next);
			}
		});

		// Enables x-frame-options headers
		_express.use(lusca.xframe('SAMEORIGIN'));

		// Enables xss-protection headers
		_express.use(lusca.xssProtection(true));

		_express.use((req, res, next) => {
			// After successful login, redirect back to the intended page
			if (!req.user
				&& req.path !== '/login'
				&& req.path !== '/signup'
				&& !req.path.match(/^\/auth/)
				&& !req.path.match(/\./)) {
				req.session.returnTo = req.originalUrl;
			} else if (req.user
					&& (req.path === '/account' || req.path.match(/^\/api/))) {
				req.session.returnTo = req.originalUrl;
			}
			next();
		});
github TailorDev / assignees / app.js View on Github external
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());

// security
app.disable('x-powered-by');
app.use(function enableCSRF(req, res, next) {
  if (req.path === '/events') {
    next();
  } else {
    lusca.csrf()(req, res, next);
  }
});
app.use(lusca.xframe('SAMEORIGIN'));
app.use(lusca.xssProtection(true));

// user
app.use(function addUserToLocals(req, res, next) {
  res.locals.user = req.user;
  next();
});
app.use(function redirectUser(req, res, next) {
  // After successful login, redirect back to the intended page
  if (!req.user && !req.path.match(/^\/auth/) && !req.path.match(/\./)) {
    req.session.returnTo = req.path;
  } else if (req.user && req.path === '/account') {
    req.session.returnTo = req.path;
  }
  next();
});
github jhwohlgemuth / tomo-cli / dist / commands / create-server / templates / server.js View on Github external
const html = md.render(str);
                fn(null, html);
            } catch (err) {
                fn(err);
            }
        });
    })
    .set('view engine', 'html')
    .set('views', `${__dirname}/public`)
    .use(session(config.get('session')))
    .use(setCsrfHeader)
    .disable('x-powered-by') // Do not advertise Express
    // .use(lusca.csrf()) // Cross Site Request Forgery
    // .use(lusca.csp({policy: config.csp})) // Content Security Policy
    .use(lusca.hsts({maxAge: 31536000}))
    .use(lusca.xssProtection(true))
    .use(helmet.noSniff())
    .use(helmet.ieNoOpen())
    .use(helmet.referrerPolicy({policy: 'no-referrer'}))
    .use(compress()) // Use gzip compression
    .use(express.static(__dirname)); // Serve static files
app.get('/', verifyCsrfHeader, (req, res) => {
    res.render('index', {
        message: 'The server is functioning properly!'
    });
});
app.get('/:page.md', verifyCsrfHeader, (req, res) => {
    const {page} = req.params;
    res.render(`${page}.md`);
});

module.exports = app;
github shanhuiyang / TypeScript-MERN-Starter / src / app.ts View on Github external
app.use(bodyParser.urlencoded({ extended: true }));
app.use(expressValidator());
app.use(session({
  resave: true,
  saveUninitialized: true,
  secret: process.env.SESSION_SECRET,
  store: new MongoStore({
    url: process.env.MONGODB_URI || process.env.MONGOLAB_URI,
    autoReconnect: true
  })
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
app.use(lusca.xframe("SAMEORIGIN"));
app.use(lusca.xssProtection(true));
app.use((req, res, next) => {
  res.locals.user = req.user;
  next();
});
app.use((req, res, next) => {
  // After successful login, redirect back to the intended page
  if (!req.user &&
      req.path !== "/login" &&
      req.path !== "/signup" &&
      !req.path.match(/^\/auth/) &&
      !req.path.match(/\./)) {
    req.session.returnTo = req.path;
  } else if (req.user &&
      req.path == "/account") {
    req.session.returnTo = req.path;
  }
github ukon1990 / wow-auction-helper / server / src / app.ts View on Github external
// Create Express server
const app = express();

// Express configuration
app.set('port', process.env.PORT || 3000);
app.use(compression());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(expressValidator());
app.use(expressSession({
  cookie: {maxAge: 60000},
  secret: 'null'
}));
app.use(lusca.xframe('SAMEORIGIN'));
app.use(lusca.xssProtection(true));
app.use(function (req, res, next) {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
  next();
});

app.use(
  express.static(path.join(__dirname, 'public'), {maxAge: 31557600000})
);


/**
 * API examples routes.
 */
app.get('/api', apiController.getApi);
github adamalawrence / Ostia / app.js View on Github external
url: process.env.MONGODB_URI || process.env.MONGOLAB_URI,
    autoReconnect: true,
    clear_interval: 3600
  })
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
app.use((req, res, next) => {
  if (req.path === '/api/upload') {
    next();
  } else {
    lusca.csrf()(req, res, next);
  }
});
app.use(lusca.xframe('SAMEORIGIN'));
app.use(lusca.xssProtection(true));
app.use((req, res, next) => {
  res.locals.user = req.user;
  next();
});
app.use((req, res, next) => {
  // After successful login, redirect back to the intended page
  if (!req.user &&
      req.path !== '/login' &&
      req.path !== '/signup' &&
      !req.path.match(/^\/auth/) &&
      !req.path.match(/\./)) {
    req.session.returnTo = req.path;
  } else if (req.user &&
      req.path === '/account') {
    req.session.returnTo = req.path;

lusca

Application security for express.

Unrecognized
Latest version published 4 years ago

Package Health Score

57 / 100
Full package analysis

Similar packages