forked from coldbox-modules/cbcsrf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathModuleConfig.cfc
82 lines (74 loc) · 2.29 KB
/
ModuleConfig.cfc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
/**
* Copyright Since 2005 ColdBox Framework by Luis Majano and Ortus Solutions, Corp
* www.ortussolutions.com
* ---
*/
component {
// Module Properties
this.title = "ColdBox CSRF";
this.author = "Ortus Solutions, Corp";
this.webURL = "https://www.ortussolutions.com";
this.description = "Provides anti-Cross Site Request Forgery tokens that also work on older versions of CF.";
this.version = "@version.number@[email protected]@";
// Module Entry Point
this.entryPoint = "cbcsrf";
// Model Namespace
this.modelNamespace = "cbcsrf";
// CF Mapping
this.cfmapping = "cbcsrf";
// Auto Map Models Directory
this.autoMapModels = true;
// Helpers
this.applicationHelper = [ "helpers/Mixins.cfm" ];
// Dependencies
this.dependencies = [ "cbStorages" ];
/**
* Configure the module
*/
function configure(){
settings = {
// By default we load up an interceptor that verifies all non-GET incoming requests against the token validations
enableAutoVerifier : false,
// A list of events to exclude from csrf verification, regex allowed: e.g. stripe\..*
verifyExcludes : [
],
// By default, all csrf tokens have a life-span of 30 minutes. After 30 minutes, they expire and we aut-generate new ones.
// If you do not want expiring tokens, then set this value to 0
rotationTimeout : 30,
// Enable the /cbcsrf/generate endpoint to generate cbcsrf tokens for secured users.
enableEndpoint : false
};
// Generate token key for users
router.GET( "/generate/:key?", "main.index" );
}
/**
* Fires upon load
*/
function onLoad(){
// Auto load verifier?
if( settings.enableAutoVerifier ){
controller.getInterceptorService()
.registerInterceptor(
interceptorClass = "cbcsrf.interceptors.VerifyCsrf",
interceptorName = "VerifyCsfr@cbcsrf"
);
}
}
/**
* Fired when the module is unregistered and unloaded
*/
function onUnload(){
}
/**
* Listen to cbauth events to auto-rotate tokens upon login
*/
function postAuthentication( event, interceptData, rc, prc ){
wirebox.getInstance( "@cbcsrf" ).rotate();
}
/**
* Listen to cbauth events to auto-rotate tokens upon logout
*/
function postLogout( event, interceptData, rc, prc ){
wirebox.getInstance( "@cbcsrf" ).rotate();
}
}