"use strict";
const _ = require('lodash');
const csrf = require('lusca').csrf();
module.exports.returnTo = function() {
return function (req, res, next) {
// Keep track of previous URL to redirect back to
// original destination after a successful login.
if (req.method !== 'GET') {
return next();
}
let path = req.path.split('/')[1];
if (/(auth|login|logout|signup)$/i.test(path)) {
return next();
}
luscaCsp = lusca.csp(config.security.csp);
obj.server.use(luscaCsp).blacklist(luscaCsp);
}
// Install each optional lusca response-header middleware only when its setting
// is present in config.security. Every instance is stored in a variable so the
// same function object can be passed to both use() and blacklist().
// NOTE(review): what blacklist() does with the middleware is not visible in
// this fragment; confirm against the framework before relying on it.

// X-Frame-Options: limits which origins may embed these pages in a frame.
if (!isEmpty(config.security.xframe || "")) {
luscaXframe = lusca.xframe(config.security.xframe);
obj.server.use(luscaXframe).blacklist(luscaXframe);
}
// P3P: legacy privacy-policy header, sent only when a value is configured.
if (!isEmpty(config.security.p3p || "")) {
luscaP3p = lusca.p3p(config.security.p3p);
obj.server.use(luscaP3p).blacklist(luscaP3p);
}
// Strict-Transport-Security: enabled only when hsts is an options object.
if (config.security.hsts instanceof Object) {
luscaHsts = lusca.hsts(config.security.hsts);
obj.server.use(luscaHsts).blacklist(luscaHsts);
}
// X-XSS-Protection: enabled only when xssProtection is an options object.
// NOTE(review): current browsers no longer act on this header, so output
// encoding and a Content-Security-Policy are still required.
if (config.security.xssProtection instanceof Object) {
luscaXssProtection = lusca.xssProtection(config.security.xssProtection);
obj.server.use(luscaXssProtection).blacklist(luscaXssProtection);
}
// Can fork to `middleware.keymaster()`
// The zuul middleware is always installed, regardless of the header settings above.
obj.server.use(middleware.zuul).blacklist(middleware.zuul);
if (stateless && !stateful) {
init(false);
} else {
init(true);
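// Skip CSRF validation for the API and for the test environment; every other
// request gets a Referrer-Policy header followed by Lusca's CSRF check.
app.use((req, res, next) => {
  // Anchor the match at the start of the path so only /api and /api/... are
  // exempt. An unanchored pattern also exempts any route that merely contains
  // "/api/" somewhere in its path.
  // NOTE(review): routes exempt from CSRF must not authenticate with the
  // session cookie alone - confirm the API uses a non-cookie credential.
  const isApiRequest = req.path === '/api' || req.path.startsWith('/api/');
  // NOTE(review): NODE_ENV === 'test' disables CSRF protection for every
  // route; make sure that value can never be set in a deployed environment.
  if (isApiRequest || process.env.NODE_ENV === 'test') {
    // Multer multipart/form-data handling needs to occur before the Lusca CSRF check.
    // eslint-disable-next-line no-underscore-dangle
    res.locals._csrf = '';
    next();
    return;
  }
  // lusca.referrerPolicy() only builds a middleware; it has to be invoked for
  // the Referrer-Policy header to be set on the response.
  lusca.referrerPolicy('same-origin')(req, res, (err) => {
    if (err) {
      next(err);
      return;
    }
    lusca.csrf()(req, res, next);
  });
});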
/**
luscaXframe = lusca.xframe(config.security.xframe);
obj.always(luscaXframe).blacklist(luscaXframe);
}
// Install the optional lusca response-header middleware, then the zuul and
// passport middleware. Each instance is stored in a variable so the same
// function object can be passed to both always() and blacklist().
// NOTE(review): what blacklist() does with the middleware is not visible in
// this fragment; confirm against the framework before relying on it.

// P3P: legacy privacy-policy header, sent only when a value is configured.
if (isEmpty(config.security.p3p || "") === false) {
luscaP3p = lusca.p3p(config.security.p3p);
obj.always(luscaP3p).blacklist(luscaP3p);
}
// Strict-Transport-Security: enabled only when hsts is an options object.
if (config.security.hsts instanceof Object) {
luscaHsts = lusca.hsts(config.security.hsts);
obj.always(luscaHsts).blacklist(luscaHsts);
}
// X-XSS-Protection: enabled for any truthy setting.
// NOTE(review): current browsers no longer act on this header, so output
// encoding and a Content-Security-Policy are still required.
if (config.security.xssProtection) {
luscaXssProtection = lusca.xssProtection(config.security.xssProtection);
obj.always(luscaXssProtection).blacklist(luscaXssProtection);
}
// X-Content-Type-Options: nosniff, enabled for any truthy setting.
if (config.security.nosniff) {
luscaNoSniff = lusca.nosniff();
obj.always(luscaNoSniff).blacklist(luscaNoSniff);
}
// Can fork to `middleware.keymaster()`
// The zuul middleware is always installed, regardless of the header settings above.
obj.always(middleware.zuul).blacklist(middleware.zuul);
// Passport is initialised for every request.
passportInit = passport.initialize();
obj.always(passportInit).blacklist(passportInit);
if (stateless === false) {
passportSession = passport.session();
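// CSRF protection is applied to every request whose path is not under the
// configured API prefix.
_express.use((req, res, next) => {
  const apiPrefix = Locals.config().apiPrefix;
  // Test the path only, anchored at its start. originalUrl also carries the
  // query string, so a substring test on it would exempt any request that
  // merely mentions the prefix in a parameter or deeper in the path.
  const [pathname] = req.originalUrl.split('?');
  if (pathname.startsWith(`/${apiPrefix}/`)) {
    // NOTE(review): routes exempt from CSRF must not authenticate with the
    // session cookie alone - confirm the API uses a non-cookie credential.
    next();
  } else {
    lusca.csrf()(req, res, next);
  }
});
// X-Frame-Options: SAMEORIGIN - only same-origin pages may frame this site.
_express.use(lusca.xframe('SAMEORIGIN'));
// X-XSS-Protection header. Current browsers no longer act on it, so output
// encoding and a Content-Security-Policy are still required.
_express.use(lusca.xssProtection(true));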
// Remember where the visitor was heading so that the login flow can send them
// back there afterwards.
// NOTE(review): returnTo is taken from the request URL; whatever later
// redirects to it should confirm it is a same-site relative path.
_express.use((req, res, next) => {
  let shouldRemember;
  if (req.user) {
    // Signed-in users: only the account page and API paths are remembered.
    shouldRemember = req.path === '/account' || /^\/api/.test(req.path);
  } else {
    // Anonymous visitors: skip the auth pages themselves and anything that
    // looks like a file request (a path containing a dot).
    shouldRemember = req.path !== '/login'
      && req.path !== '/signup'
      && !/^\/auth/.test(req.path)
      && !/\./.test(req.path);
  }
  if (shouldRemember) {
    req.session.returnTo = req.originalUrl;
  }
  next();
});
}));
// Authentication state and flash messages.
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
// security
// Do not advertise Express in the X-Powered-By response header.
app.disable('x-powered-by');
// CSRF validation for every path except /events.
// NOTE(review): the reason /events is exempt is not visible here; confirm
// that route cannot change state on behalf of a signed-in user.
app.use(function enableCSRF(req, res, next) {
  if (req.path !== '/events') {
    lusca.csrf()(req, res, next);
    return;
  }
  next();
});
// X-Frame-Options: SAMEORIGIN - only same-origin pages may frame this site.
app.use(lusca.xframe('SAMEORIGIN'));
// X-XSS-Protection header; current browsers no longer act on it.
app.use(lusca.xssProtection(true));
// user
// Expose the authenticated user (if any) to the view templates.
app.use(function addUserToLocals(req, res, next) {
  res.locals.user = req.user;
  next();
});
// Remember the requested path so the login flow can return to it afterwards.
app.use(function redirectUser(req, res, next) {
  const isSignedIn = Boolean(req.user);
  // Anonymous visitors: skip /auth routes and file-like paths (containing a dot).
  const rememberForVisitor = !isSignedIn
    && !/^\/auth/.test(req.path)
    && !/\./.test(req.path);
  // Signed-in users: only the account page is remembered.
  const rememberForUser = isSignedIn && req.path === '/account';
  if (rememberForVisitor || rememberForUser) {
    req.session.returnTo = req.path;
  }
  next();
});
const html = md.render(str);
fn(null, html);
} catch (err) {
fn(err);
}
});
})
.set('view engine', 'html')
.set('views', `${__dirname}/public`)
.use(session(config.get('session')))
.use(setCsrfHeader)
.disable('x-powered-by') // Do not advertise Express
// .use(lusca.csrf()) // Cross Site Request Forgery
// .use(lusca.csp({policy: config.csp})) // Content Security Policy
.use(lusca.hsts({maxAge: 31536000}))
.use(lusca.xssProtection(true))
.use(helmet.noSniff())
.use(helmet.ieNoOpen())
.use(helmet.referrerPolicy({policy: 'no-referrer'}))
.use(compress()) // Use gzip compression
.use(express.static(__dirname)); // Serve static files
// Landing page: renders the `index` view with a fixed status message after
// verifyCsrfHeader has run.
app.get('/', verifyCsrfHeader, (req, res) => {
  const locals = {message: 'The server is functioning properly!'};
  res.render('index', locals);
});
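// Renders a markdown page chosen by the `page` URL parameter.
app.get('/:page.md', verifyCsrfHeader, (req, res) => {
  const {page} = req.params;
  // `page` is untrusted and arrives URL-decoded, so it can contain path
  // separators or `..` segments. Accept plain page names only, so the view
  // lookup cannot leave the configured views directory.
  // NOTE(review): widen the allowed characters if real page names need more.
  if (!/^[A-Za-z0-9_-]+$/.test(page)) {
    res.status(404).end();
    return;
  }
  res.render(`${page}.md`);
});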
module.exports = app;
// Parse URL-encoded form bodies, then attach the validator helpers.
app.use(bodyParser.urlencoded({ extended: true }));
app.use(expressValidator());
// Server-side sessions persisted in MongoDB.
// NOTE(review): no `cookie` options are given here, so the session library's
// defaults apply; confirm the cookie is marked secure when served over HTTPS.
app.use(session({
  // The secret signs the session cookie and must be set in the environment.
  secret: process.env.SESSION_SECRET,
  store: new MongoStore({
    autoReconnect: true,
    url: process.env.MONGODB_URI || process.env.MONGOLAB_URI
  }),
  resave: true,
  saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
// X-Frame-Options: SAMEORIGIN - only same-origin pages may frame this site.
app.use(lusca.xframe("SAMEORIGIN"));
// X-XSS-Protection header; current browsers no longer act on it.
app.use(lusca.xssProtection(true));
// Expose the authenticated user (if any) to the view templates.
app.use(function exposeUser(req, res, next) {
  res.locals.user = req.user;
  next();
});
app.use((req, res, next) => {
// After successful login, redirect back to the intended page
if (!req.user &&
req.path !== "/login" &&
req.path !== "/signup" &&
!req.path.match(/^\/auth/) &&
!req.path.match(/\./)) {
req.session.returnTo = req.path;
} else if (req.user &&
req.path == "/account") {
req.session.returnTo = req.path;
}
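// Create Express server
const app = express();
// Express configuration
app.set('port', process.env.PORT || 3000);
app.use(compression());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(expressValidator());
app.use(expressSession({
  // Session cookies expire after one minute.
  cookie: {maxAge: 60000},
  // The secret signs the session cookie, so it must not live in source code:
  // anyone who knows it can forge a valid session cookie. Read it from the
  // environment instead.
  // NOTE(review): the literal fallback only keeps existing setups starting;
  // remove it once every environment sets SESSION_SECRET.
  secret: process.env.SESSION_SECRET || 'null'
}));
// X-Frame-Options: SAMEORIGIN - only same-origin pages may frame this site.
app.use(lusca.xframe('SAMEORIGIN'));
// X-XSS-Protection header; current browsers no longer act on it.
app.use(lusca.xssProtection(true));
// CORS headers are added to every response.
// NOTE(review): `*` lets any origin read responses to non-credentialed
// requests; restrict it to known origins if any route returns data that is
// not meant to be public.
app.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
  next();
});
// Static assets from ./public, cacheable by clients for about one year.
app.use(
  express.static(path.join(__dirname, 'public'), {maxAge: 31557600000})
);
/**
 * API examples routes.
 */
app.get('/api', apiController.getApi);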
url: process.env.MONGODB_URI || process.env.MONGOLAB_URI,
autoReconnect: true,
clear_interval: 3600
})
}));
// Authentication state and flash messages.
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
// CSRF validation for every path except the upload endpoint.
// NOTE(review): presumably exempt because the multipart body is parsed later;
// confirm /api/upload performs its own CSRF check once the body is available.
app.use(function csrfUnlessUpload(req, res, next) {
  if (req.path !== '/api/upload') {
    lusca.csrf()(req, res, next);
    return;
  }
  next();
});
// X-Frame-Options: SAMEORIGIN - only same-origin pages may frame this site.
app.use(lusca.xframe('SAMEORIGIN'));
// X-XSS-Protection header; current browsers no longer act on it.
app.use(lusca.xssProtection(true));
// Expose the authenticated user (if any) to the view templates.
app.use(function exposeUser(req, res, next) {
  res.locals.user = req.user;
  next();
});
app.use((req, res, next) => {
// After successful login, redirect back to the intended page
if (!req.user &&
req.path !== '/login' &&
req.path !== '/signup' &&
!req.path.match(/^\/auth/) &&
!req.path.match(/\./)) {
req.session.returnTo = req.path;
} else if (req.user &&
req.path === '/account') {
req.session.returnTo = req.path;