Lanil Marasinghe laniltee

## validate_double.js
// Submit Form Data
app.post('/posts', (req, res) => {

    const inputTitle = req.body.inputTitle;
    const inputContent = req.body.inputContent;

    const inputToken = req.body.inputToken;
    const cookieToken = req.cookies['csrf-token'];

    // Checking if Cookie Token matches CSRF Token Submitted

## form_double.html
<script>
    function getTokenAndInject() {
        const CSRF_TOKEN = Cookies.get('csrf-token');
        $("#contentForm").append(
            `<input type="text" hidden name="inputToken" id="inputToken" value=${CSRF_TOKEN} />`
        )
</script>

## sample
HTTP/1.1 200 OK
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Set-Cookie: session-id=ff92a770-d937-11e8-a4f8-eba9f6bc5b66
Set-Cookie: time=1540569516904
Set-Cookie: csrf-token=22fdb868-5f52-45a5-b85b-c5ace7af43e8
Accept-Ranges: bytes

## double.js
// Validate Credentials
app.post('/home', (req, res) => {

    const username = req.body.inputUsername;
    const password = req.body.inputPassword;

    const sessionID = req.cookies['session-id'];
    const cookieToken = req.cookies['csrf-token'];

    if (username === 'root' && password === 'root') {

## logout.js
// Signs out and clear the session ID with CSRF token
app.post('/logout', (req, res) => {

    const sessionID = req.cookies['session-id'];
    delete SESSION_IDS[sessionID];

    console.log(sessionID + ': Removed');

    res.clearCookie("session-id");
    res.clearCookie("time");

## form.js
// Submit Form Data
app.post('/posts', (req, res) => {

    const inputTitle = req.body.inputTitle;
    const inputContent = req.body.inputContent;
    const inputToken = req.body.inputToken;
    const sessionID = req.cookies['session-id'];

    // Checking if Session ID matches CSRF Cookie
    if (SESSION_IDS[sessionID] && SESSION_IDS[sessionID] === inputToken) {

## form.html
<script>
   function getTokenAndInject() {
        $("#errorMessage").hide();
        axios.post('/tokens', {withCredentials: true})
            .then(response => {
                $("#contentForm").append(
                    `<input type="text" hidden name="inputToken" id="inputToken" value=${response.data.token} />`
                )
            })
            .catch(error => {

## login.js
// Validate Credentials
app.post('/home', (req, res) => {

    const username = req.body.inputUsername;
    const password = req.body.inputPassword;

    if (username === 'root' && password === 'root') {

        console.log("Home: Logged with valid credentials");

## index.js
// Applying middleware
app.use(bodyParser.urlencoded({extended: false}));
app.use(bodyParser.json());
app.use(cookieParser());
app.use(nocache());

// Views
app.use(express.static('views'));

// Server Startup

## login.js
// Login Page Load
app.get('/', (req, res) => {

    const sessionID = req.cookies['session-id'];
    if (sessionID && SESSION_IDS[sessionID]) {
        console.log("Login: Valid Session Found !");
        res.sendFile('views/form.html', {root: __dirname});
    } else {
        console.log("Login: No Valid Session Found !");
        res.sendFile('views/login.html', {root: __dirname});
	// Submit Form Data
	app.post('/posts', (req, res) => {

	const inputTitle = req.body.inputTitle;
	const inputContent = req.body.inputContent;

	const inputToken = req.body.inputToken;
	const cookieToken = req.cookies['csrf-token'];

	// Checking if Cookie Token matches CSRF Token Submitted
	<script>
	function getTokenAndInject() {
	const CSRF_TOKEN = Cookies.get('csrf-token');
	$("#contentForm").append(
	`<input type="text" hidden name="inputToken" id="inputToken" value=${CSRF_TOKEN} />`
	)
	</script>
	HTTP/1.1 200 OK
	X-Powered-By: Express
	Surrogate-Control: no-store
	Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
	Pragma: no-cache
	Expires: 0
	Set-Cookie: session-id=ff92a770-d937-11e8-a4f8-eba9f6bc5b66
	Set-Cookie: time=1540569516904
	Set-Cookie: csrf-token=22fdb868-5f52-45a5-b85b-c5ace7af43e8
	Accept-Ranges: bytes
	// Validate Credentials
	app.post('/home', (req, res) => {

	const username = req.body.inputUsername;
	const password = req.body.inputPassword;

	const sessionID = req.cookies['session-id'];
	const cookieToken = req.cookies['csrf-token'];

	if (username === 'root' && password === 'root') {
	// Signs out and clear the session ID with CSRF token
	app.post('/logout', (req, res) => {

	const sessionID = req.cookies['session-id'];
	delete SESSION_IDS[sessionID];

	console.log(sessionID + ': Removed');

	res.clearCookie("session-id");
	res.clearCookie("time");
	<script>
	function getTokenAndInject() {
	$("#errorMessage").hide();
	axios.post('/tokens', {withCredentials: true})
	.then(response => {
	$("#contentForm").append(
	`<input type="text" hidden name="inputToken" id="inputToken" value=${response.data.token} />`
	)
	})
	.catch(error => {
	// Applying middleware
	app.use(bodyParser.urlencoded({extended: false}));
	app.use(bodyParser.json());
	app.use(cookieParser());
	app.use(nocache());

	// Views
	app.use(express.static('views'));

	// Server Startup
	// Login Page Load
	app.get('/', (req, res) => {

	const sessionID = req.cookies['session-id'];
	if (sessionID && SESSION_IDS[sessionID]) {
	console.log("Login: Valid Session Found !");
	res.sendFile('views/form.html', {root: __dirname});
	} else {
	console.log("Login: No Valid Session Found !");
	res.sendFile('views/login.html', {root: __dirname});