Basic CSRF prevention middleware using a double submit cookie
This was designed to be drop-in middleware: call app.use(doublecookie()) to accept all the defaults, then pass locals.postCheck into your template as a hidden form field.
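The check a double submit cookie middleware performs, as an added example that is not this package's own code: a random token is set as a cookie, exposed on res.locals for the hidden field, and compared against the submitted field on state-changing requests. The function name doubleSubmit and the cookie name csrf are assumptions, and req.body is assumed to be already parsed by a body parser.

```javascript
// Added sketch of the double submit cookie check; not this package's source.
const crypto = require('crypto');

// Minimal Cookie header parser (no URL-decoding; tokens here are hex).
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Constant-time comparison; timingSafeEqual throws on unequal lengths.
function sameToken(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// cookieName and the function name are assumptions; postCheck is the page's field.
function doubleSubmit({ cookieName = 'csrf', fieldName = 'postCheck' } = {}) {
  const safeMethods = new Set(['GET', 'HEAD', 'OPTIONS']);
  return function (req, res, next) {
    let token = parseCookies(req.headers.cookie || '')[cookieName];
    if (!safeMethods.has(req.method)) {
      // State-changing request: the form field must echo the cookie value.
      const sent = req.body ? req.body[fieldName] : undefined;
      if (!token || typeof sent !== 'string' || !sameToken(token, sent)) {
        res.statusCode = 403;
        return res.end('CSRF token mismatch');
      }
    } else if (!token) {
      // First visit: issue a random token the attacker's origin cannot read.
      token = crypto.randomBytes(32).toString('hex');
      res.setHeader('Set-Cookie',
        `${cookieName}=${token}; Path=/; HttpOnly; SameSite=Lax`);
    }
    // Expose the token so the template can render the hidden field.
    res.locals = res.locals || {};
    res.locals[fieldName] = token;
    next();
  };
}
```

When serving over HTTPS, add the Secure attribute to the cookie. This is the plain (unsigned) variant; the OWASP CSRF cheat sheet recommends the signed form that binds the token to the session.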
See csurf first
OWASP CSRF
Liran Tal video - Node JS: Security Breaking the Loop