Skip to content

Commit

Permalink
Update .env.sample to include csrf_secret and then also update code i…
Browse files Browse the repository at this point in the history 
…n case it doesn't exist (#986)
  • Loading branch information
@FancMa01
FancMa01 authored Jan 2, 2025
1 parent bee7a45 commit 4229ec8
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 1 deletion.
1 change: 1 addition & 0 deletions Tombolo/.env.sample
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ API_KEY_DURATION=
# Authentication and Authorization Configuration
JWT_SECRET=
JWT_REFRESH_SECRET=
CSRF_SECRET=

# OAuth 2.0 - Azure
TENENT_ID=
Expand Down
4 changes: 3 additions & 1 deletion Tombolo/server/middlewares/csrfMiddleware.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,9 @@ const csrf = doubleCsrf({

const decoded = verifyToken(token, process.env.JWT_SECRET);

const secret = process.env.CSRF_SECRET + decoded.id;
const secret = process.env.CSRF_SECRET
? process.env.CSRF_SECRET
: "secret" + decoded.id;

return secret;
} catch (e) {
Expand Down

0 comments on commit 4229ec8

Please sign in to comment.