csurf (csrf protection module) problem


Jerba

Aug 20, 2015, 12:02:38 PM
to Express
I'm very new to ExpressJS, so please excuse what I imagine is a pretty horrific excuse of an application. However, I'm having some issues regarding the 'csurf' module, which prevents cross-site request forgery. I managed to get it working correctly for the registration and logging in of users in the UserController.js, but I've decided to add blog functionality and I'm having some issues using the csurf module with the forms used to create said blog posts.


I initially had the error below

ReferenceError: csrfToken is not defined
   at /Users/Connor/Desktop/express-application/controllers/PostController.js:28:16
   at Layer.handle [as handle_request] (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/layer.js:95:5)
   at next (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/route.js:131:13)
   at Route.dispatch (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/route.js:112:3)
   at Layer.handle [as handle_request] (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/layer.js:95:5)
   at /Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:277:22
   at Function.process_params (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:330:12)
   at next (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:271:10)
   at jsonParser (/Users/Connor/Desktop/express-application/node_modules/body-parser/lib/types/json.js:100:40)
   at Layer.handle [as handle_request] (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/layer.js:95:5)
   at trim_prefix (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:312:13)
   at /Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:280:7
   at Function.process_params (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:330:12)
   at next (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:271:10)
   at urlencodedParser (/Users/Connor/Desktop/express-application/node_modules/body-parser/lib/types/urlencoded.js:88:40)
   at Layer.handle [as handle_request] (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/layer.js:95:5)

I know why I received this error, because I had a similar issue when I applied the protection to the registration/login forms, and it was because I didn't use
app.use(csrf());
in my UserController.js. However, is there a way I can use this module globally so I don't have to manually specify its use in every controller that requires it?

Knowing why I receive this error, I specified the use of the module in the PostController.js and ended up with a misconfigured csrfToken error. I feel this is the result of just a lack of understanding regarding the proper usage of the module and, if so, could someone please point me in the right direction?

Error: misconfigured csrf
   at getsecret (/Users/Connor/Desktop/express-application/node_modules/csurf/index.js:195:11)
   at csrf (/Users/Connor/Desktop/express-application/node_modules/csurf/index.js:60:18)
   at Layer.handle [as handle_request] (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/layer.js:95:5)
   at trim_prefix (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:312:13)
   at /Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:280:7
   at Function.process_params (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:330:12)
   at next (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:271:10)
   at jsonParser (/Users/Connor/Desktop/express-application/node_modules/body-parser/lib/types/json.js:100:40)
   at Layer.handle [as handle_request] (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/layer.js:95:5)
   at trim_prefix (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:312:13)
   at /Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:280:7
   at Function.process_params (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:330:12)
   at next (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:271:10)
   at urlencodedParser (/Users/Connor/Desktop/express-application/node_modules/body-parser/lib/types/urlencoded.js:88:40)
   at Layer.handle [as handle_request] (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/layer.js:95:5)
   at trim_prefix (/Users/Connor/Desktop/express-application/node_modules/express/lib/router/index.js:312:13)


Ryan Schmidt

Aug 21, 2015, 2:46:57 AM
to expre...@googlegroups.com
I haven't used it before, but according to the module's documentation

https://www.npmjs.com/package/csurf

there are two ways to use it.


1. At setup time, define a variable for the csrf middleware:

var csrfProtection = csrf({ cookie: true })

Then use that middleware in every route where you want it:

app.get('/form', csrfProtection, function(req, res) {
  // pass the csrfToken to the view
  res.render('send', { csrfToken: req.csrfToken() })
})

app.post('/process', parseForm, csrfProtection, function(req, res) {
  res.send('data is being processed')
})


Or:

2. At setup time, use the middleware unconditionally:

app.use(csrf({ cookie: true }))
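
The "misconfigured csrf" error in the trace above is thrown when csurf finds nowhere to keep its secret: with { cookie: true } it reads req.cookies, so cookie-parser (or, without that option, a session middleware) has to be registered before it. The following added example, which is not from this thread or from csurf itself, models that ordering and the single global registration in plain Node. The names run, cookieParser, csrfProtection and demo are stand-ins written for this illustration, and the token scheme is a simplified one.

```javascript
// Added example: dependency-free model of the middleware chain (not csurf's source).
const crypto = require('node:crypto');
// Run middleware in registration order, Express-style: fn(req, res, next).
function run(stack, req) {
  const res = { status: 200, body: null, cookies: {} };
  let i = 0;
  const next = (err) => {
    if (err) { res.status = err.status || 500; res.body = err.message; return; }
    const fn = stack[i++];
    if (fn) { try { fn(req, res, next); } catch (e) { next(e); } }
  };
  next();
  return res;
}

// Stand-in for cookie-parser: fills req.cookies from the Cookie header.
function cookieParser(req, res, next) {
  const pairs = (req.headers.cookie || '').split('; ').filter(Boolean);
  req.cookies = Object.fromEntries(pairs.map((p) => p.split('=')));
  next();
}

const mac = (secret, salt) => crypto.createHmac('sha256', secret).update(salt).digest('hex');
// Stand-in for csrf({ cookie: true }): secret in a cookie, salted token in the form.
function csrfProtection(req, res, next) {
  if (!req.cookies) throw new Error('misconfigured csrf'); // no store populated yet
  const secret = req.cookies._csrf || crypto.randomBytes(18).toString('hex');
  res.cookies._csrf = secret;
  req.csrfToken = (s = crypto.randomBytes(8).toString('hex')) => `${s}-${mac(secret, s)}`;
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return next();
  const [salt = '', sig = ''] = String((req.body || {})._csrf || '').split('-');
  const got = Buffer.from(sig), want = Buffer.from(mac(secret, salt));
  const valid = got.length === want.length && crypto.timingSafeEqual(got, want);
  next(valid ? undefined : Object.assign(new Error('invalid csrf token'), { status: 403 }));
}

// Constructed requests: wrong order first, then one shared chain serving two routes.
function demo() {
  const showForm = (req, res) => { res.body = req.csrfToken(); };
  const createPost = (req, res) => { res.body = 'created'; };
  const shared = [cookieParser, csrfProtection]; // register once, before any router
  const bad = run([csrfProtection, cookieParser, showForm], { method: 'GET', headers: {} });
  const form = run([...shared, showForm], { method: 'GET', headers: {} });
  const headers = { cookie: `_csrf=${form.cookies._csrf}` };
  const ok = run([...shared, createPost], { method: 'POST', headers, body: { _csrf: form.body } });
  const forged = run([...shared, createPost], { method: 'POST', headers, body: {} });
  return { bad: bad.body, ok: ok.body, forged: forged.status };
}
```

In a real Express app the same ordering means calling app.use() for the cookie or session middleware, then for csrf, once in the main application file before the controllers' routers are mounted.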



