UNPKG

node-soc-lite

Version:

A security middleware for NodeJs(express) app to Detect OWASP Top Basic and generate report in your ThreatEquation dashboard.

www.threatequation.com

threatequation/node-soc-lite

56 lines (39 loc) 1.25 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
'use strict'; var crypto = require('crypto'); var LENGTH = 10; function create(req, secretKey) { var session = req.session; if (session === undefined) { throw new Error('ThreatEquationMiddleware requires req.session to be available in order to maintain state'); } var secret = session[secretKey]; // Save the secret for validation if (!secret) { session[secretKey] = crypto.pseudoRandomBytes(LENGTH).toString('base64'); secret = session[secretKey]; } return { secret: secret, token: tokenize(salt(LENGTH), secret), validate: function validate(req, token) { if (typeof token !== 'string') { return false; } return token === tokenize(token.slice(0, LENGTH), req.session[secretKey]); } }; } function tokenize(salt, secret) { return salt + crypto.createHash('sha1').update(salt + secret).digest('base64'); } function salt(len) { var str = '', chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; for (var i = 0; i < len; i++) { str += chars[Math.floor(Math.random() * chars.length)]; } return str; } module.exports = { create: create };