aboutsummaryrefslogtreecommitdiffstats
path: root/admportal/server/router/routes/admin.js
diff options
context:
space:
mode:
Diffstat (limited to 'admportal/server/router/routes/admin.js')
-rwxr-xr-xadmportal/server/router/routes/admin.js45
1 files changed, 24 insertions, 21 deletions
diff --git a/admportal/server/router/routes/admin.js b/admportal/server/router/routes/admin.js
index 4b7b8088..96c7fd85 100755
--- a/admportal/server/router/routes/admin.js
+++ b/admportal/server/router/routes/admin.js
@@ -5,40 +5,43 @@ var util = require('util');
var fs = require('fs');
var dbRoutes = require('./dbRoutes');
var csp = require('./csp');
+var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var sax = require('sax'),strict=true,parser = sax.parser(strict);
var async = require('async');
+var csrf = require('csurf');
+
+var csrfProtection = csrf({cookie: true});
+router.use(cookieParser());
// GET
router.get('/getParameters', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
dbRoutes.getParameters(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
});
-router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
+router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res) {
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback) {
- dbRoutes.deleteParameter(req,res,callback);
- });
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getParameters(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Row successfully deleted from PARAMETERS table.');
- dbRoutes.getParameters(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
+ var privilegeObj = req.session.loggedInAdmin;
+ var tasks = [];
+ tasks.push(function(callback) { dbRoutes.deleteParameter(req,res,callback); });
+ async.series(tasks, function(err,result){
+ var msgArray = new Array();
+ if(err){
+ msgArray.push(err);
+ dbRoutes.getParameters(req,res,{code:'failure', msg:msgArray},privilegeObj);
+ return;
+ }
+ else {
+ msgArray.push('Row successfully deleted from PARAMETERS table.');
+ dbRoutes.getParameters(req,res,{code:'success', msg:msgArray},privilegeObj);
+ return;
+ }
+ });
});
// POST
-router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){
+router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res){
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
@@ -59,7 +62,7 @@ router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){
});
// gamma - updateAicSite
-router.post('/updateParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){
+router.post('/updateParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res){
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];