Authored by 王水玲

性能安全

@@ -10,6 +10,7 @@ const router = require('express').Router(); //eslint-disable-line @@ -10,6 +10,7 @@ const router = require('express').Router(); //eslint-disable-line
10 const cRoot = './controllers'; 10 const cRoot = './controllers';
11 const authMW = require('../../doraemon/middleware/auth'); 11 const authMW = require('../../doraemon/middleware/auth');
12 const disableBFCache = require('../../doraemon/middleware/disable-BFCache'); 12 const disableBFCache = require('../../doraemon/middleware/disable-BFCache');
  13 +const csrf = require('../../doraemon/middleware/csrf');
13 const seckill = require(cRoot + '/seckill'); 14 const seckill = require(cRoot + '/seckill');
14 const order = require(cRoot + '/order'); 15 const order = require(cRoot + '/order');
15 const countController = require(`${cRoot}/count`); 16 const countController = require(`${cRoot}/count`);
@@ -41,7 +42,7 @@ router.post('/index/new/orderSub', authMW, order.orderSub); // 订单提交 @@ -41,7 +42,7 @@ router.post('/index/new/orderSub', authMW, order.orderSub); // 订单提交
41 router.get('/index/new/selectCoupon', authMW, order.selectCouponsPage); // 选择优惠券 页面 New! 42 router.get('/index/new/selectCoupon', authMW, order.selectCouponsPage); // 选择优惠券 页面 New!
42 router.post('/index/new/couponList', order.couponList); // [ajax]获取优惠券列表 43 router.post('/index/new/couponList', order.couponList); // [ajax]获取优惠券列表
43 router.post('/index/new/useCouponCode', order.useCouponCode); // [ajax]购物车输入优惠券码使用优惠券 44 router.post('/index/new/useCouponCode', order.useCouponCode); // [ajax]购物车输入优惠券码使用优惠券
44 -router.get('/index/new/selectAddress', authMW, order.selectAddress); // 选择地址 45 +router.get('/index/new/selectAddress', authMW, csrf, order.selectAddress); // 选择地址
45 router.get('/index/new/invoiceInfo', authMW, order.invoiceInfo); // 发票信息 46 router.get('/index/new/invoiceInfo', authMW, order.invoiceInfo); // 发票信息
46 router.get('/index/new/jitDetail', authMW, order.jitDetail); // JIT 拆单配送信息 47 router.get('/index/new/jitDetail', authMW, order.jitDetail); // JIT 拆单配送信息
47 router.get('/index/new/selectGiftcard', authMW, order.selectGiftcard); // 选择礼品卡页面 48 router.get('/index/new/selectGiftcard', authMW, order.selectGiftcard); // 选择礼品卡页面
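Review bot: `csrf` is attached only to the GET `/index/new/selectAddress` route, so here it mints a token for that page but verifies nothing — csurf skips verification on GET by default — while the state-changing POSTs in the same router (`/index/new/orderSub` in the hunk header, `/index/new/couponList`, `/index/new/useCouponCode`) stay unprotected. If the intent is CSRF coverage for the cart, those handlers need the middleware as well, e.g. `router.post('/index/new/useCouponCode', authMW, csrf, order.useCouponCode);`, together with the token in their request payloads. The middleware added in this commit calls `csrf()` with default options, which (presumably session-backed) requires `req.session` to be populated before this router runs — worth confirming for the cart routes.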
@@ -9,9 +9,9 @@ @@ -9,9 +9,9 @@
9 {{#if addressInfo}} 9 {{#if addressInfo}}
10 <div class="address block address-wrap {{#if @root.pageChannel.boys}} boys{{/if}}{{#if @root.pageChannel.girls}} girls{{/if}}{{#if @root.pageChannel.kids}} kids{{/if}}{{#if @root.pageChannel.lifeStyle}} life-style{{/if}}" data-id ="{{addressId}}"> 10 <div class="address block address-wrap {{#if @root.pageChannel.boys}} boys{{/if}}{{#if @root.pageChannel.girls}} girls{{/if}}{{#if @root.pageChannel.kids}} kids{{/if}}{{#if @root.pageChannel.lifeStyle}} life-style{{/if}}" data-id ="{{addressId}}">
11 <div class="info"> 11 <div class="info">
12 - <span class="info-name">{{name}}</span> 12 + <span class="info-name">{{{name}}}</span>
13 <span class="info-phone">{{phoneNum}}</span> 13 <span class="info-phone">{{phoneNum}}</span>
14 - <a href="{{selectAddressUrl}}"><span class="info-address">{{addressInfo}}</span></a> 14 + <a href="{{selectAddressUrl}}"><span class="info-address">{{{addressInfo}}}</span></a>
15 <i class="iconfont">&#xe637;</i> 15 <i class="iconfont">&#xe637;</i>
16 </div> 16 </div>
17 <a class="rest" href="{{selectAddressUrl}}">其他地址<span class="iconfont">&#xe614;</span></a> 17 <a class="rest" href="{{selectAddressUrl}}">其他地址<span class="iconfont">&#xe614;</span></a>
@@ -177,7 +177,7 @@ @@ -177,7 +177,7 @@
177 {{#if addressInfo}} 177 {{#if addressInfo}}
178 <div class="address-bottom"> 178 <div class="address-bottom">
179 <div class="back"></div> 179 <div class="back"></div>
180 - <span>送至:{{addressInfo}}</span> 180 + <span>送至:{{{addressInfo}}}</span>
181 </div> 181 </div>
182 {{/if}} 182 {{/if}}
183 <div class="bill"> 183 <div class="bill">
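Review bot: Switching `{{name}}`/`{{addressInfo}}` to triple-stash `{{{name}}}`/`{{{addressInfo}}}` turns off Handlebars HTML escaping for consignee name and address, which are user-entered fields, so unless the controller already HTML-encodes these values before rendering this is a stored XSS sink. If the motivation is double-escaping, the fix belongs in the controller (stop encoding there) and the template should keep `{{name}}`; if the values are deliberately pre-encoded, that contract should be stated next to the render call. The same switch is made in every template section below — select-address (`{{{consignee}}}`, `{{{address}}}`), address-edit (`value="{{{address.consignee}}}"`, an attribute context where a stray `"` breaks out of the attribute), my-address, the personal pages (`{{{nickname}}}`), the vip page (`{{{name}}}`) and the comment lists (`{{{userName}}}`) — and the same question applies to each.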
@@ -2,9 +2,9 @@ @@ -2,9 +2,9 @@
2 <div class="page-wrap clearfix"> 2 <div class="page-wrap clearfix">
3 {{# address}} 3 {{# address}}
4 <div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}"> 4 <div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}">
5 - <span class="name">{{consignee}}</span> 5 + <span class="name">{{{consignee}}}</span>
6 <span class="tel">{{mobile}}</span> 6 <span class="tel">{{mobile}}</span>
7 - <p class="address-info">{{area}} {{address}}</p> 7 + <p class="address-info">{{area}} {{{address}}}</p>
8 <div class="action iconfont"> 8 <div class="action iconfont">
9 <span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=buynow&product_sku={{../product_sku}}&buy_number={{../buy_number}}">&#xe61e;</span> 9 <span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=buynow&product_sku={{../product_sku}}&buy_number={{../buy_number}}">&#xe61e;</span>
10 <span class="del" data-id="{{address_id}}">&#xe621;</span> 10 <span class="del" data-id="{{address_id}}">&#xe621;</span>
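Review bot: This buynow variant of the select-address page keeps its `.del` control but, unlike its sibling section below, gets no `<input type="hidden" name="_csrf" value="{{@root.csrfToken}}"/>`. If the script behind it is one of the two that now post `_csrf: $('input[name=_csrf]').val()` to `/home/delAddress`, which this commit puts behind `csrf`, the delete on this page will be sent without a token and rejected; either add the hidden input here as well or confirm this page has no delete path. Whether the route serving this template also runs `csrf` (so that `csrfToken` is populated) is not visible in the diff.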
@@ -9,9 +9,9 @@ @@ -9,9 +9,9 @@
9 {{#if addressInfo}} 9 {{#if addressInfo}}
10 <div class="address block address-wrap {{#if @root.pageChannel.boys}} boys{{/if}}{{#if @root.pageChannel.girls}} girls{{/if}}{{#if @root.pageChannel.kids}} kids{{/if}}{{#if @root.pageChannel.lifeStyle}} life-style{{/if}}" data-id ="{{addressId}}"> 10 <div class="address block address-wrap {{#if @root.pageChannel.boys}} boys{{/if}}{{#if @root.pageChannel.girls}} girls{{/if}}{{#if @root.pageChannel.kids}} kids{{/if}}{{#if @root.pageChannel.lifeStyle}} life-style{{/if}}" data-id ="{{addressId}}">
11 <div class="info"> 11 <div class="info">
12 - <span class="info-name">{{name}}</span> 12 + <span class="info-name">{{{name}}}</span>
13 <span class="info-phone">{{phoneNum}}</span> 13 <span class="info-phone">{{phoneNum}}</span>
14 - <a href="/cart/index/new/selectAddress"><span class="info-address">{{addressInfo}}</span></a> 14 + <a href="/cart/index/new/selectAddress"><span class="info-address">{{{addressInfo}}}</span></a>
15 <i class="iconfont">&#xe637;</i> 15 <i class="iconfont">&#xe637;</i>
16 </div> 16 </div>
17 <a class="rest" href="/cart/index/new/selectAddress">其他地址<span class="iconfont">&#xe614;</span></a> 17 <a class="rest" href="/cart/index/new/selectAddress">其他地址<span class="iconfont">&#xe614;</span></a>
@@ -182,7 +182,7 @@ @@ -182,7 +182,7 @@
182 {{#if addressInfo}} 182 {{#if addressInfo}}
183 <div class="address-bottom"> 183 <div class="address-bottom">
184 <div class="back"></div> 184 <div class="back"></div>
185 - <span>送至:{{addressInfo}}</span> 185 + <span>送至:{{{addressInfo}}}</span>
186 </div> 186 </div>
187 {{/if}} 187 {{/if}}
188 <div class="bill"> 188 <div class="bill">
1 <div class="my-address-page select-address-page yoho-page"> 1 <div class="my-address-page select-address-page yoho-page">
2 <div class="page-wrap clearfix"> 2 <div class="page-wrap clearfix">
3 {{# address}} 3 {{# address}}
  4 + <input type="hidden" name="_csrf" value="{{@root.csrfToken}}"/>
4 <div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}"> 5 <div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}">
5 - <span class="name">{{consignee}}</span> 6 + <span class="name">{{{consignee}}}</span>
6 <span class="tel">{{mobile}}</span> 7 <span class="tel">{{mobile}}</span>
7 - <p class="address-info">{{area}} {{address}}</p> 8 + <p class="address-info">{{area}} {{{address}}}</p>
8 <div class="action iconfont"> 9 <div class="action iconfont">
9 <span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=shopping">&#xe61e;</span> 10 <span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=shopping">&#xe61e;</span>
10 <span class="del" data-id="{{address_id}}">&#xe621;</span> 11 <span class="del" data-id="{{address_id}}">&#xe621;</span>
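Review bot: The hidden `_csrf` input is placed inside the `{{# address}}` block, so it is rendered once per address and not at all when the list is empty; the consuming script reads `$('input[name=_csrf]').val()`, i.e. only the first one. Since the input is not inside a `<form>` and exists purely as a token carrier for the script, it reads better once, outside the loop, directly after `<div class="page-wrap clearfix">`: `<input type="hidden" name="_csrf" value="{{@root.csrfToken}}"/>`. The my-address template later in this commit places its token the same way and has the same issue.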
@@ -11,6 +11,7 @@ const express = require('express'); @@ -11,6 +11,7 @@ const express = require('express');
11 const router = express.Router(); // eslint-disable-line 11 const router = express.Router(); // eslint-disable-line
12 const auth = require('../../doraemon/middleware/auth'); 12 const auth = require('../../doraemon/middleware/auth');
13 const disableBFCache = require('../../doraemon/middleware/disable-BFCache'); 13 const disableBFCache = require('../../doraemon/middleware/disable-BFCache');
  14 +const csrf = require('../../doraemon/middleware/csrf');
14 15
15 const cRoot = './controllers'; 16 const cRoot = './controllers';
16 const installment = require(cRoot + '/installment'); 17 const installment = require(cRoot + '/installment');
@@ -49,12 +50,12 @@ router.get('/QRcode/:id', personalController.QRcode); @@ -49,12 +50,12 @@ router.get('/QRcode/:id', personalController.QRcode);
49 router.get('/user/qrcode', auth, newQrcode.index); 50 router.get('/user/qrcode', auth, newQrcode.index);
50 51
51 /* 个人中心地址管理相关路由 */ 52 /* 个人中心地址管理相关路由 */
52 -router.get('/address', auth, addressController.address); // 地址管理页面  
53 -router.get('/addressAct', auth, addressController.addressAct); // 地址添加页面  
54 -router.get('/addressAct/:id', auth, addressController.addressAct); // 地址添加修改页面  
55 -router.post('/saveAddress', addressController.saveAddress); // 新增或者保存地址 53 +router.get('/address', auth, csrf, addressController.address); // 地址管理页面
  54 +router.get('/addressAct', auth, csrf, addressController.addressAct); // 地址添加页面
  55 +router.get('/addressAct/:id', auth, csrf, addressController.addressAct); // 地址添加修改页面
  56 +router.post('/saveAddress', csrf, addressController.saveAddress); // 新增或者保存地址
56 router.post('/defaultAddress', addressController.defaultAddress); // 设置默认地址 57 router.post('/defaultAddress', addressController.defaultAddress); // 设置默认地址
57 -router.post('/delAddress', addressController.delAddress); // 删除地址 58 +router.post('/delAddress', csrf, addressController.delAddress); // 删除地址
58 router.get('/locationList', auth, addressController.locationList); // 异步获取三级地址数据 59 router.get('/locationList', auth, addressController.locationList); // 异步获取三级地址数据
59 router.get('/addressModify', auth, addressController.addressModify); // 订单详情地址列表 60 router.get('/addressModify', auth, addressController.addressModify); // 订单详情地址列表
60 router.get('/chooseAddress', auth, addressController.chooseAddress); // 订单详情地址修改 61 router.get('/chooseAddress', auth, addressController.chooseAddress); // 订单详情地址修改
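Review bot: `router.post('/defaultAddress', addressController.defaultAddress);` is the one state-changing POST in this group left without `csrf`, while `/saveAddress` and `/delAddress` now require a token; changing a user's default address is as much a CSRF target as deleting one, so it should read `router.post('/defaultAddress', csrf, addressController.defaultAddress);` with the client sending the token. Note also that none of these three POSTs run `auth`, only the GET pages do — pre-existing, but worth checking that the controllers verify the logged-in user themselves. The routes this commit protects all share one token minted on the GET pages, so the client scripts posting to them must carry it.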
@@ -2,10 +2,11 @@ @@ -2,10 +2,11 @@
2 <div class="tip">为提高配送时效,请您尽量准确填写四级地址。</div> 2 <div class="tip">为提高配送时效,请您尽量准确填写四级地址。</div>
3 <div class="my-edit-address-page page-wrap"> 3 <div class="my-edit-address-page page-wrap">
4 <form class="edit-address"> 4 <form class="edit-address">
  5 + <input type="hidden" name="_csrf" value="{{@root.csrfToken}}" />
5 <input type="hidden" name="id" value="{{address.addressId}}"> 6 <input type="hidden" name="id" value="{{address.addressId}}">
6 <label class="username"> 7 <label class="username">
7 收 货 人 : 8 收 货 人 :
8 - <input type="text" name="consignee" maxlength="21" value="{{address.consignee}}"> 9 + <input type="text" name="consignee" maxlength="21" value="{{{address.consignee}}}">
9 </label> 10 </label>
10 <label class="mobile"> 11 <label class="mobile">
11 联系电话: 12 联系电话:
@@ -19,7 +20,7 @@ @@ -19,7 +20,7 @@
19 </label> 20 </label>
20 <label class="address"> 21 <label class="address">
21 详细地址: 22 详细地址:
22 - <textarea name="address" maxlength="255">{{address.address}}</textarea> 23 + <textarea name="address" maxlength="255">{{{address.address}}}</textarea>
23 </label> 24 </label>
24 </form> 25 </form>
25 <div class="submit"> 26 <div class="submit">
@@ -2,9 +2,9 @@ @@ -2,9 +2,9 @@
2 <div class="page-wrap clearfix modifyAdd" data-rel="{{relation}}" data-order-code="{{orderCode}}"> 2 <div class="page-wrap clearfix modifyAdd" data-rel="{{relation}}" data-order-code="{{orderCode}}">
3 {{# address}} 3 {{# address}}
4 <div class="address-item" data-address-id="{{addressId}}" > 4 <div class="address-item" data-address-id="{{addressId}}" >
5 - <span class="name">{{consignee}}</span> 5 + <span class="name">{{{consignee}}}</span>
6 <span class="tel">{{mobile}}</span> 6 <span class="tel">{{mobile}}</span>
7 - <p class="address-info">{{area}} {{address}}</p> 7 + <p class="address-info">{{area}} {{{address}}}</p>
8 </div> 8 </div>
9 {{/ address}} 9 {{/ address}}
10 10
1 <div class="my-address-page yoho-page"> 1 <div class="my-address-page yoho-page">
2 <div class="page-wrap"> 2 <div class="page-wrap">
3 {{# address}} 3 {{# address}}
  4 + <input type="hidden" name="_csrf" value="{{@root.csrfToken}}"/>
4 <div class="address-item"> 5 <div class="address-item">
5 - <span class="name">{{consignee}}</span> 6 + <span class="name">{{{consignee}}}</span>
6 <span class="tel">{{mobile}}</span> 7 <span class="tel">{{mobile}}</span>
7 - <p class="address-info">{{area}} {{address}}</p> 8 + <p class="address-info">{{area}} {{{address}}}</p>
8 <div class="action iconfont"> 9 <div class="action iconfont">
9 <a class="edit" href="/home/addressAct?id={{addressId}}">&#xe61e;</a> 10 <a class="edit" href="/home/addressAct?id={{addressId}}">&#xe61e;</a>
10 <span class="del" data-id="{{addressId}}">&#xe621;</span> 11 <span class="del" data-id="{{addressId}}">&#xe621;</span>
@@ -8,7 +8,7 @@ @@ -8,7 +8,7 @@
8 <div class="person-detail"> 8 <div class="person-detail">
9 <a href='{{userInfoLink}}' class="user-avatar" data-avatar="{{image head_ico 80 80}}"></a> 9 <a href='{{userInfoLink}}' class="user-avatar" data-avatar="{{image head_ico 80 80}}"></a>
10 <div class="basic-info"> 10 <div class="basic-info">
11 - <span class="user-name">{{nickname}}</span> 11 + <span class="user-name">{{{nickname}}}</span>
12 <span class="gender {{#isEqualOr gender 1}}boy{{/isEqualOr}}{{#isEqualOr gender 2}}girl{{/isEqualOr}}"></span> 12 <span class="gender {{#isEqualOr gender 1}}boy{{/isEqualOr}}{{#isEqualOr gender 2}}girl{{/isEqualOr}}"></span>
13 </div> 13 </div>
14 <div class="info"> 14 <div class="info">
@@ -8,7 +8,7 @@ @@ -8,7 +8,7 @@
8 <div class="level level-{{vip_info/cur_level}}"></div> 8 <div class="level level-{{vip_info/cur_level}}"></div>
9 </div> 9 </div>
10 <div class="right"> 10 <div class="right">
11 - <div class="name eps">{{nickname}}</div> 11 + <div class="name eps">{{{nickname}}}</div>
12 <div class="trend-code-c"> 12 <div class="trend-code-c">
13 <div class="dot">#&nbsp;</div> 13 <div class="dot">#&nbsp;</div>
14 <div class="scroll-c go-scroll"> 14 <div class="scroll-c go-scroll">
1 <div class="personal-details yoho-page"> 1 <div class="personal-details yoho-page">
2 <ul> 2 <ul>
3 <li><span>头像</span><span><i class="head-portrait user-avatar" data-avatar="{{image head_ico 128 128}}"></i></span></li> 3 <li><span>头像</span><span><i class="head-portrait user-avatar" data-avatar="{{image head_ico 128 128}}"></i></span></li>
4 - <li><span>昵称</span><span>{{ nickname }}</span></li> 4 + <li><span>昵称</span><span>{{{ nickname }}}</span></li>
5 <li><span>性别</span><span>{{ gender }}</span></li> 5 <li><span>性别</span><span>{{ gender }}</span></li>
6 <li><span>生日</span><span>{{ birthday }}</span></li> 6 <li><span>生日</span><span>{{ birthday }}</span></li>
7 </ul> 7 </ul>
1 {{#if vip3}} 1 {{#if vip3}}
2 <p> 2 <p>
3 - <span class="user-name">{{name}}</span> 3 + <span class="user-name">{{{name}}}</span>
4 <span class="vip-icon vip-3"></span> 4 <span class="vip-icon vip-3"></span>
5 </p> 5 </p>
6 <p class="grade-desc"> 6 <p class="grade-desc">
@@ -20,7 +20,7 @@ @@ -20,7 +20,7 @@
20 20
21 {{#if vip2}} 21 {{#if vip2}}
22 <p> 22 <p>
23 - <span class="user-name">{{name}}</span> 23 + <span class="user-name">{{{name}}}</span>
24 <span class="vip-icon vip-2"></span> 24 <span class="vip-icon vip-2"></span>
25 </p> 25 </p>
26 <p class="grade-desc"> 26 <p class="grade-desc">
@@ -43,7 +43,7 @@ @@ -43,7 +43,7 @@
43 43
44 {{#if vip1}} 44 {{#if vip1}}
45 <p> 45 <p>
46 - <span class="user-name">{{name}}</span> 46 + <span class="user-name">{{{name}}}</span>
47 <span class="vip-icon vip-1"></span> 47 <span class="vip-icon vip-1"></span>
48 </p> 48 </p>
49 <p class="grade-desc"> 49 <p class="grade-desc">
@@ -66,7 +66,7 @@ @@ -66,7 +66,7 @@
66 66
67 {{#if vip0}} 67 {{#if vip0}}
68 <p> 68 <p>
69 - <span class="user-name">{{name}}</span> 69 + <span class="user-name">{{{name}}}</span>
70 <span>普通会员</span> 70 <span>普通会员</span>
71 </p> 71 </p>
72 <p class="grade-desc"> 72 <p class="grade-desc">
@@ -71,7 +71,7 @@ const newGoods = (req, res, next) => { @@ -71,7 +71,7 @@ const newGoods = (req, res, next) => {
71 }); 71 });
72 72
73 // 唤起 APP 的路径 73 // 唤起 APP 的路径
74 - res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.new","params":${JSON.stringify(appParams)}}`; 74 + res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.new","params":${encodeURIComponent(JSON.stringify(appParams))}}`;
75 75
76 let seoTitle = '【潮流新品】_引领潮流_2018时尚潮流新品-YOHO!BUY 有货'; 76 let seoTitle = '【潮流新品】_引领潮流_2018时尚潮流新品-YOHO!BUY 有货';
77 77
@@ -144,7 +144,7 @@ const _newGoods = (req, res, next) => { @@ -144,7 +144,7 @@ const _newGoods = (req, res, next) => {
144 }); 144 });
145 145
146 // 唤起 APP 的路径 146 // 唤起 APP 的路径
147 - res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.new","params":${JSON.stringify(appParams)}}`; 147 + res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.new","params":${encodeURIComponent(JSON.stringify(appParams))}}`;
148 148
149 req.ctx(newModel).indexData(uid, channel).then(result => { 149 req.ctx(newModel).indexData(uid, channel).then(result => {
150 let shopList = _.get(result, 'shop_list', []); 150 let shopList = _.get(result, 'shop_list', []);
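Review bot: The `params` fragment of `appPath` is now percent-encoded while the surrounding JSON (`{"action":"go.new",...}`) is not, so whatever parses this deep link must `decodeURIComponent` the value before `JSON.parse`; that contract is not stated anywhere, so a comment on the line would help: `// params is percent-encoded to keep the JSON safe inside the URL; the app must decode it before parsing`. The identical line is built in both `newGoods` and `_newGoods` (the second hunk); a small shared builder would keep the two from drifting. Both enclosing functions start and end outside the hunks.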
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
3 {{# comments}} 3 {{# comments}}
4 <div class="comment-item clearfix"> 4 <div class="comment-item clearfix">
5 <div class="user-info clearfix"> 5 <div class="user-info clearfix">
6 - <span class="user-name">{{userName}}</span> 6 + <span class="user-name">{{{userName}}}</span>
7 <span class="goods-spec"> 7 <span class="goods-spec">
8 购买了<b>{{color}}</b> 8 购买了<b>{{color}}</b>
9 </span> 9 </span>
@@ -12,11 +12,11 @@ @@ -12,11 +12,11 @@
12 <div class="comment-content-main content-main clearfix"> 12 <div class="comment-content-main content-main clearfix">
13 {{# comments}} 13 {{# comments}}
14 <span class="user-name"> 14 <span class="user-name">
15 - {{userName}} 15 + {{{userName}}}
16 </span> 16 </span>
17 <p class="goods-spec"> 17 <p class="goods-spec">
18 购买了{{desc}} 18 购买了{{desc}}
19 - </> 19 + </p>
20 <p class="detail-content"> 20 <p class="detail-content">
21 {{content}} 21 {{content}}
22 </p> 22 </p>
  1 +'use strict';
  2 +
  3 +const csrf = require('csurf');
  4 +const csrfInit = csrf();
  5 +
  6 +module.exports = (req, res, next) => {
  7 + return csrfInit(req, res, (e) => {
  8 + res.locals.csrfToken = req.csrfToken();
  9 +
  10 + return next(e);
  11 + });
  12 +};
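Review bot: `req.csrfToken()` is called before `e` is checked, so when csurf fails on its misconfiguration path (no session or cookie secret available, where it returns an error without installing `req.csrfToken`) the callback throws a TypeError and the original error never reaches `next`; on a bad-token error the call works but minting a token for a request that is about to be rejected is pointless. Guard first: `if (e) { return next(e); }`, then `res.locals.csrfToken = req.csrfToken(); return next();`. A header comment stating the contract would also help: `// Wraps csurf: verifies the token on non-safe methods and exposes a fresh token as res.locals.csrfToken for templates.`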
@@ -62,6 +62,7 @@ @@ -62,6 +62,7 @@
62 "connect-redis": "^3.3.3", 62 "connect-redis": "^3.3.3",
63 "cookie-parser": "^1.4.3", 63 "cookie-parser": "^1.4.3",
64 "cssnano": "^3.10.0", 64 "cssnano": "^3.10.0",
  65 + "csurf": "^1.9.0",
65 "express": "^4.16.3", 66 "express": "^4.16.3",
66 "feed": "^1.1.0", 67 "feed": "^1.1.0",
67 "geetest": "^4.1.2", 68 "geetest": "^4.1.2",
@@ -13,7 +13,7 @@ @@ -13,7 +13,7 @@
13 <div class="user-info clearfix"> 13 <div class="user-info clearfix">
14 {{# comments}} 14 {{# comments}}
15 <span class="user-name"> 15 <span class="user-name">
16 - {{userName}} 16 + {{{userName}}}
17 </span> 17 </span>
18 <span class="goods-spec"> 18 <span class="goods-spec">
19 购买了<b>{{color}}</b> 19 购买了<b>{{color}}</b>
@@ -40,7 +40,8 @@ $confim.on('touchend', '.cancel', function() { @@ -40,7 +40,8 @@ $confim.on('touchend', '.cancel', function() {
40 method: 'POST', 40 method: 'POST',
41 url: '/home/delAddress', 41 url: '/home/delAddress',
42 data: { 42 data: {
43 - id: deleteId 43 + id: deleteId,
  44 + _csrf: $('input[name=_csrf]').val()
44 } 45 }
45 }).then(function(res) { 46 }).then(function(res) {
46 if ($.type(res) !== 'object') { 47 if ($.type(res) !== 'object') {
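Review bot: `$('input[name=_csrf]').val()` returns `undefined` when the hidden input is not on the page (the buynow select-address template in this commit, for instance), in which case csurf answers 403 and the request never reaches the `.then` handler; the `.fail` path is outside the hunk, so whether the user sees anything is not visible here. Sending the token via a page-level `<meta name="csrf-token">` and the `X-CSRF-Token` header (which csurf also accepts) would decouple the script from the template's DOM layout. The identical change is made in the second copy of this handler further down, where the same applies; the enclosing `$confim.on(...)` handler starts and ends outside the hunk.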
@@ -26,6 +26,10 @@ function cookie(name) { @@ -26,6 +26,10 @@ function cookie(name) {
26 var re = new RegExp(name + '=([^;$]*)', 'i'), 26 var re = new RegExp(name + '=([^;$]*)', 'i'),
27 matchPattern = '$1'; 27 matchPattern = '$1';
28 28
  29 + if (name === '_UID') {
  30 + return decodeURIComponent(re.test(document.cookie) ? RegExp[matchPattern] : '');
  31 + }
  32 +
29 try { 33 try {
30 return re.test(decodeURIComponent(document.cookie)) ? RegExp[matchPattern] : ''; 34 return re.test(decodeURIComponent(document.cookie)) ? RegExp[matchPattern] : '';
31 } catch (e) { 35 } catch (e) {
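Review bot: The new `_UID` branch calls `decodeURIComponent` outside the `try`/`catch` that protects the generic path immediately below it, so a malformed percent sequence in the `_UID` cookie now throws an uncaught `URIError` from `cookie()`. Move the branch inside the `try` so both paths share the fallback, and state why `_UID` is special-cased — presumably because its value may contain encoded `;` or `=` that decoding the whole cookie string first would break: `// _UID: match first, decode only the value (decoding the whole string first could split on encoded separators)`. `cookie()` continues past the end of the hunk.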
@@ -40,7 +40,8 @@ $confim.on('touchend', '.cancel', function() { @@ -40,7 +40,8 @@ $confim.on('touchend', '.cancel', function() {
40 method: 'POST', 40 method: 'POST',
41 url: '/home/delAddress', 41 url: '/home/delAddress',
42 data: { 42 data: {
43 - id: deleteId 43 + id: deleteId,
  44 + _csrf: $('input[name=_csrf]').val()
44 } 45 }
45 }).then(function(res) { 46 }).then(function(res) {
46 if ($.type(res) !== 'object') { 47 if ($.type(res) !== 'object') {
@@ -2240,6 +2240,14 @@ crypto-random-string@^1.0.0: @@ -2240,6 +2240,14 @@ crypto-random-string@^1.0.0:
2240 version "1.0.0" 2240 version "1.0.0"
2241 resolved "http://npm.yohops.com/crypto-random-string/-/crypto-random-string-1.0.0.tgz#a230f64f568310e1498009940790ec99545bca7e" 2241 resolved "http://npm.yohops.com/crypto-random-string/-/crypto-random-string-1.0.0.tgz#a230f64f568310e1498009940790ec99545bca7e"
2242 2242
  2243 +csrf@~3.0.3:
  2244 + version "3.0.6"
  2245 + resolved "http://npm.yohops.com/csrf/-/csrf-3.0.6.tgz#b61120ddceeafc91e76ed5313bb5c0b2667b710a"
  2246 + dependencies:
  2247 + rndm "1.2.0"
  2248 + tsscmp "1.0.5"
  2249 + uid-safe "2.1.4"
  2250 +
2243 css-color-function@~1.3.3: 2251 css-color-function@~1.3.3:
2244 version "1.3.3" 2252 version "1.3.3"
2245 resolved "http://npm.yohops.com/css-color-function/-/css-color-function-1.3.3.tgz#8ed24c2c0205073339fafa004bc8c141fccb282e" 2253 resolved "http://npm.yohops.com/css-color-function/-/css-color-function-1.3.3.tgz#8ed24c2c0205073339fafa004bc8c141fccb282e"
@@ -2402,6 +2410,15 @@ cssom@^0.3.2: @@ -2402,6 +2410,15 @@ cssom@^0.3.2:
2402 version "0.3.2" 2410 version "0.3.2"
2403 resolved "http://npm.yohops.com/cssom/-/cssom-0.3.2.tgz#b8036170c79f07a90ff2f16e22284027a243848b" 2411 resolved "http://npm.yohops.com/cssom/-/cssom-0.3.2.tgz#b8036170c79f07a90ff2f16e22284027a243848b"
2404 2412
  2413 +csurf@^1.9.0:
  2414 + version "1.9.0"
  2415 + resolved "http://npm.yohops.com/csurf/-/csurf-1.9.0.tgz#49d2c6925ffcec7b7de559597c153fa533364133"
  2416 + dependencies:
  2417 + cookie "0.3.1"
  2418 + cookie-signature "1.0.6"
  2419 + csrf "~3.0.3"
  2420 + http-errors "~1.5.0"
  2421 +
2405 currently-unhandled@^0.4.1: 2422 currently-unhandled@^0.4.1:
2406 version "0.4.1" 2423 version "0.4.1"
2407 resolved "http://npm.yohops.com/currently-unhandled/-/currently-unhandled-0.4.1.tgz#988df33feab191ef799a61369dd76c17adf957ea" 2424 resolved "http://npm.yohops.com/currently-unhandled/-/currently-unhandled-0.4.1.tgz#988df33feab191ef799a61369dd76c17adf957ea"
@@ -4042,6 +4059,14 @@ http-errors@1.6.3, http-errors@~1.6.2, http-errors@~1.6.3: @@ -4042,6 +4059,14 @@ http-errors@1.6.3, http-errors@~1.6.2, http-errors@~1.6.3:
4042 setprototypeof "1.1.0" 4059 setprototypeof "1.1.0"
4043 statuses ">= 1.4.0 < 2" 4060 statuses ">= 1.4.0 < 2"
4044 4061
  4062 +http-errors@~1.5.0:
  4063 + version "1.5.1"
  4064 + resolved "http://npm.yohops.com/http-errors/-/http-errors-1.5.1.tgz#788c0d2c1de2c81b9e6e8c01843b6b97eb920750"
  4065 + dependencies:
  4066 + inherits "2.0.3"
  4067 + setprototypeof "1.0.2"
  4068 + statuses ">= 1.3.1 < 2"
  4069 +
4045 http-parser-js@>=0.4.0: 4070 http-parser-js@>=0.4.0:
4046 version "0.4.13" 4071 version "0.4.13"
4047 resolved "http://npm.yohops.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137" 4072 resolved "http://npm.yohops.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137"
@@ -7828,6 +7853,10 @@ ripemd160@^2.0.0, ripemd160@^2.0.1: @@ -7828,6 +7853,10 @@ ripemd160@^2.0.0, ripemd160@^2.0.1:
7828 hash-base "^3.0.0" 7853 hash-base "^3.0.0"
7829 inherits "^2.0.1" 7854 inherits "^2.0.1"
7830 7855
  7856 +rndm@1.2.0:
  7857 + version "1.2.0"
  7858 + resolved "http://npm.yohops.com/rndm/-/rndm-1.2.0.tgz#f33fe9cfb52bbfd520aa18323bc65db110a1b76c"
  7859 +
7831 run-async@^2.0.0, run-async@^2.2.0: 7860 run-async@^2.0.0, run-async@^2.2.0:
7832 version "2.3.0" 7861 version "2.3.0"
7833 resolved "http://npm.yohops.com/run-async/-/run-async-2.3.0.tgz#0371ab4ae0bdd720d4166d7dfda64ff7a445a6c0" 7862 resolved "http://npm.yohops.com/run-async/-/run-async-2.3.0.tgz#0371ab4ae0bdd720d4166d7dfda64ff7a445a6c0"
@@ -8008,6 +8037,10 @@ setimmediate@^1.0.4: @@ -8008,6 +8037,10 @@ setimmediate@^1.0.4:
8008 version "1.0.5" 8037 version "1.0.5"
8009 resolved "http://npm.yohops.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285" 8038 resolved "http://npm.yohops.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
8010 8039
  8040 +setprototypeof@1.0.2:
  8041 + version "1.0.2"
  8042 + resolved "http://npm.yohops.com/setprototypeof/-/setprototypeof-1.0.2.tgz#81a552141ec104b88e89ce383103ad5c66564d08"
  8043 +
8011 setprototypeof@1.0.3: 8044 setprototypeof@1.0.3:
8012 version "1.0.3" 8045 version "1.0.3"
8013 resolved "http://npm.yohops.com/setprototypeof/-/setprototypeof-1.0.3.tgz#66567e37043eeb4f04d91bd658c0cbefb55b8e04" 8046 resolved "http://npm.yohops.com/setprototypeof/-/setprototypeof-1.0.3.tgz#66567e37043eeb4f04d91bd658c0cbefb55b8e04"
@@ -8864,6 +8897,10 @@ tslib@^1.9.0: @@ -8864,6 +8897,10 @@ tslib@^1.9.0:
8864 version "1.9.2" 8897 version "1.9.2"
8865 resolved "http://npm.yohops.com/tslib/-/tslib-1.9.2.tgz#8be0cc9a1f6dc7727c38deb16c2ebd1a2892988e" 8898 resolved "http://npm.yohops.com/tslib/-/tslib-1.9.2.tgz#8be0cc9a1f6dc7727c38deb16c2ebd1a2892988e"
8866 8899
  8900 +tsscmp@1.0.5:
  8901 + version "1.0.5"
  8902 + resolved "http://npm.yohops.com/tsscmp/-/tsscmp-1.0.5.tgz#7dc4a33af71581ab4337da91d85ca5427ebd9a97"
  8903 +
8867 tty-browserify@0.0.0: 8904 tty-browserify@0.0.0:
8868 version "0.0.0" 8905 version "0.0.0"
8869 resolved "http://npm.yohops.com/tty-browserify/-/tty-browserify-0.0.0.tgz#a157ba402da24e9bf957f9aa69d524eed42901a6" 8906 resolved "http://npm.yohops.com/tty-browserify/-/tty-browserify-0.0.0.tgz#a157ba402da24e9bf957f9aa69d524eed42901a6"
@@ -8928,6 +8965,12 @@ uglifyjs-webpack-plugin@^1.2.4: @@ -8928,6 +8965,12 @@ uglifyjs-webpack-plugin@^1.2.4:
8928 webpack-sources "^1.1.0" 8965 webpack-sources "^1.1.0"
8929 worker-farm "^1.5.2" 8966 worker-farm "^1.5.2"
8930 8967
  8968 +uid-safe@2.1.4:
  8969 + version "2.1.4"
  8970 + resolved "http://npm.yohops.com/uid-safe/-/uid-safe-2.1.4.tgz#3ad6f38368c6d4c8c75ec17623fb79aa1d071d81"
  8971 + dependencies:
  8972 + random-bytes "~1.0.0"
  8973 +
8931 uid-safe@~2.1.2: 8974 uid-safe@~2.1.2:
8932 version "2.1.5" 8975 version "2.1.5"
8933 resolved "http://npm.yohops.com/uid-safe/-/uid-safe-2.1.5.tgz#2b3d5c7240e8fc2e58f8aa269e5ee49c0857bd3a" 8976 resolved "http://npm.yohops.com/uid-safe/-/uid-safe-2.1.5.tgz#2b3d5c7240e8fc2e58f8aa269e5ee49c0857bd3a"