feat(csrf): removes

src/app.js

@@ -28,6 +28,7 @@ app.use(express.urlencoded({ extended: true }));
 app.use(morgan("dev"));
 
 const config = require("../config.json");
+const addCSRF = require("./middlewares/addCSRF");
 
 // Connect to MongoDB using the configuration
 mongoose
@@ -75,26 +76,28 @@ passport.deserializeUser((id, done) => {
 });
 
 app.use(cookieParser());
+//app.use(csrf());
+//app.use(addCSRF)
 app.use(
   session({ secret: config.secret_key, resave: false, saveUninitialized: true })
 );
-app.use(csrf());
 app.use(flash());
 app.use(passport.initialize());
 app.use(passport.session());
 
-app.get("/login", limiter, (req, res) => {
+app.get("/login", limiter,  (req, res) => {
   if (req.isAuthenticated()) {
     return res.redirect("/");
   } else {
-    res.render("login", { messages: req.flash("error") }); // Pass flash messages to the template
+    res.render("login", { messages: req.flash("error"), /*csrfToken: req.csrfToken()*/ }); // Pass flash messages to the template
   }
 });
 
 app.post("/login",limiter, (req, res, next) => {
+  /*console.log(req.body, req.csrfToken())
   if (!req.body._csrf || req.body._csrf !== req.csrfToken()) {
     return res.status(403).send("CSRF token validation failed.");
-  }
+  }*/
   passport.authenticate("local", (err, user, info) => {
     if (err) {
       return next(err);
@@ -128,13 +131,13 @@ app.get("/", isAuthenticated, (req, res) => {
 
 app.get("/register", (req, res) => {
   if (req.isAuthenticated()) return res.redirect("/");
-  res.render("register", { messages: req.flash("error") });
+  res.render("register", { messages: req.flash("error"), /*csrfToken: req.csrfToken()*/ });
 });
 
 app.post("/register", limiter, async (req, res) => {
-  if (!req.body._csrf || req.body._csrf !== req.csrfToken()) {
+  /*if (!req.body._csrf || req.body._csrf !== req.csrfToken()) {
     return res.status(403).send("CSRF token validation failed.");
-  }
+  }*/
   const { username, email, password, confirmPassword, fullName } = req.body;
 
   try {
@@ -179,13 +182,13 @@ app.post("/register", limiter, async (req, res) => {
 });
 
 app.get('/profile', isAuthenticated, async (req, res) => {
-    res.render('profile', { user: req.user, messages: req.flash() });
+    res.render('profile', { user: req.user, messages: req.flash(), /*csrfToken: req.csrfToken()*/ });
     });
 
 app.post('/profile', limiter, isAuthenticated, async (req, res) => {
-  if (!req.body._csrf || req.body._csrf !== req.csrfToken()) {
+  /*if (!req.body._csrf || req.body._csrf !== req.csrfToken()) {
     return res.status(403).send("CSRF token validation failed.");
-  }
+  }*/
     const { fullName, avatarUrl, bio, location, website } = req.body;
 
     try {

src/middlewares/addCSRF.js

@@ -0,0 +1,6 @@
+function addCSRF(req, res, next) {
+  res.locals.csrfToken = req.csrfToken();
+  next();
+}
+
+module.exports = addCSRF;

src/views/login.ejs

@@ -18,7 +18,7 @@
         <% } %>
 
         <form action="/login" method="POST">
-            <input type="hidden" name="_csrf" value="<%= csrfToken %>">
+            <input type="hidden" name="_csrf" value="<%= locals.csrfToken %>">
             <div class="form-group">
                 <label for="username">Username:</label>
                 <input type="text" id="username" name="username" required>

src/views/profile.ejs

@@ -16,7 +16,7 @@
     <div class="profile-section">
       <h2>Profile Information</h2>
       <form class="profile-form" action="/profile" method="POST">
-        <input type="hidden" name="_csrf" value="<%= csrfToken %>">
+        <input type="hidden" name="_csrf" value="<%= locals.csrfToken %>">
         <div class="form-group">
           <label for="fullName">Full Name:</label>
           <input

src/views/register.ejs

@@ -18,7 +18,7 @@
         <% } %>
 
         <form action="/register" method="POST">
-            <input type="hidden" name="_csrf" value="<%= csrfToken %>">
+            <input type="hidden" name="_csrf" value="<%= locals.csrfToken %>">
             <div class="form-group">
                 <label for="username">Username:</label>
                 <input type="text" id="username" name="username" required>