Javascript 无效的csrf令牌express
我正在学习后端,在我的express nodejs项目中,我对csurf保护有一个问题。当我在“添加管理表单”中提交时,会发现“添加产品表单”和“编辑产品表单”错误 无效的csrf令牌 403 禁止错误:无效的csrf令牌 这是我的app.jsJavascript 无效的csrf令牌express,javascript,node.js,express,Javascript,Node.js,Express,我正在学习后端,在我的express nodejs项目中,我对csurf保护有一个问题。当我在“添加管理表单”中提交时,会发现“添加产品表单”和“编辑产品表单”错误 无效的csrf令牌 403 禁止错误:无效的csrf令牌 这是我的app.js var express = require('express'); var path = require('path'); var cookieParser = require('cookie-parser'); var logger = require
var express = require('express');
var path = require('path');
var cookieParser = require('cookie-parser');
var logger = require('morgan');
var expressHbs = require('express-handlebars');
var mongoose = require('mongoose');
var session = require('express-session');
var passport = require('passport');
var flash = require('connect-flash');
var MongoStore = require('connect-mongo')(session);
var indexRouter = require('./routes/index');
var userRouter = require('./routes/user');
var adminRouter = require('./routes/admin');
const Product = require('./models/product');
var app = express();
mongoose.connect('mongodb://localhost:27017/project3', {useNewUrlParser: true, useUnifiedTopology: true});
require('./config/passport')(passport);
// view engine setup
app.engine('.hbs',expressHbs({defaultLayout:'layout', extname:'.hbs', runtimeOptions: {
allowProtoPropertiesByDefault: true,
allowProtoMethodsByDefault: true
}}));
app.set('view engine', '.hbs');
app.use(logger('dev'));
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(cookieParser());
app.use(session({
secret:'mysupersecret',
resave: false,
saveUninitialized: false,
store: new MongoStore({mongooseConnection: mongoose.connection}),
cookie: {maxAge: 30*60*24*60*1000}
}));
app.use(flash());
app.use(passport.initialize());
app.use(passport.session());
app.use('/static',express.static('public'));
app.use(function(req,res,next){
res.locals.login = req.isAuthenticated();
res.locals.session = req.session;
next();
});
//routes
app.use('/admin', adminRouter);
app.use('/user', userRouter);
app.use('/', indexRouter);
// catch 404 and forward to error handler
app.use(function(req, res, next) {
next(createError(404));
});
// error handler
app.use(function(err, req, res, next) {
// set locals, only providing error in development
res.locals.message = err.message;
res.locals.error = req.app.get('env') === 'development' ? err : {};
// render the error page
res.status(err.status || 500);
res.render('error');
});
module.exports = app;
var express = require('express');
var router = express.Router();
var csrf = require('csurf');
var multer = require('multer');
var mongoose = require('mongoose');
var async = require('async');
var {check, validationResult} = require('express-validator');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var csrfProtection = csrf();
router.use(csrfProtection);
mongoose.connect('mongodb://localhost:27017/project3', {useNewUrlParser: true, useUnifiedTopology: true});
var Product = require('../models/product');
var User = require("../models/user");
// add-product page
router.get("/add-product",csrfProtection,
function(req,res,next) {
var messages = req.flash('error');
res.render('admin/add-product', {
csrfToken: req.csrfToken(),
messages: messages,
hasErrors: messages.length>0,
});
});
//edit-product page
router.get("/edit-product/:id", csrfProtection,function(req,res,next){
Product.findById(req.params.id, function(err, data){
if(err) {
throw err;
} else {
res.render("admin/edit-product", {
csrfToken: req.csrfToken(),
editedProduct:data,
});
}
});
});
//delete a product
router.get("/delete-product/:id", function(req,res,next){
Product.deleteOne({_id: req.params.id}, function(err){
if(err) {
throw err;
} else {
res.redirect("../list-product");
}
});
});
//list admin
router.get('/list-admin', function(req,res,next){
User.find({rule: 2}, function(err,admin){
if(err) {
throw err;
}
else {
res.render('admin/list-admin', {
csrfToken: req.csrfToken(),
admin: admin
});
}
});
});
// add account admin
router.get('/add-admin', function(req,res, next) {
var messages = req.flash('error');
res.render('admin/add-admin', {
csrfToken: req.csrfToken(),
messages: messages,
hasErrors: messages.length>0
});
});
module.exports = router;
<div class="row">
<div class="col-sm-6 col-md-4 col-md-offset-4 col-sm-offet-3">
<form action="/admin/add-product" method="post" id='checkout-form' enctype="multipart/form-data">
<div class="row">
<div class="col-xs-12">
<div class="form-group">
<label for="name">Tên sản phẩm</label>
<input type="text" id="name" name="name" class="form-control" required>
</div>
</div>
</div>
<input type="hidden" name="_csrf" value="{{csrfToken}}">
<button type="submit" class="btn btn-success">Thêm sản phẩm</button>
</form>
</div>
</div>
Tên sản phẩM
泰姆斯ản phẩM
<div class="row">
<div class="col-sm-6 col-md-4 col-md-offset-4 col-sm-offet-3">
<form action="../edit" method="post" id='edit-form' enctype="multipart/form-data" >
<div class="row">
<input type="hidden" name="IDChar" value={{editedProduct._id}}>>
<div class="col-xs-12">
<div class="form-group">
<label for="name">Tên sản phẩm</label>
<input type="text" id="name" value="{{editedProduct.name}}" class="form-control" required>
</div>
</div>
<hr>
</div>
<input type="hidden" name="_csrf" value="{{csrfToken}}">
<button type="submit" class="btn btn-success">Thay đổi</button>
</form>
</div>
</div>
>
Tên sản phẩM
塞伊ổ我
<div class="row">
<div class="col-md-4 col-md-offset-4">
<h3>Thêm tài khoản admin</h3>
{{#if hasErrors}}
<div class="alert alert-danger">
{{#each messages}}
<p>{{this}}</p>
{{/each}}
</div>
{{/if}}
<form action="/admin/add-admin" method='post'>
<div class="form-group">
<label for="email">Email</label>
<input type="text" id ="email" name = "email" class="form-control">
</div>
<div class="form-group">
<label for="password">Mật khẩu</label>
<input type="password" id="password" name="password" class="form-control">
</div>
<input type="hidden" name="_csrf" value="{{csrfToken}}">
<button type="submit"class="btn btn-primary">Thêm tài khoản Admin</button>
</form>
</div>
</div>
Thêm tái khoản管理员
{{#如果有错误}
{{{#每条消息}
{{this}}
{{/每个}}
{{/if}
电子邮件
Mật khẩU
Thêm tái khoản管理员