JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 2982
  • Score
    100M100P100Q152900F
  • License MIT

primary logic behind csrf tokens

Package Exports

  • csrf-tokens

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (csrf-tokens) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

CSRF Tokens

Logic behind CSRF token creation and verification. Read Understanding-CSRF for more information on CSRF. Use this module to create custom CSRF middleware and what not.

API

var tokens = require('csrf-tokens')(options)

var secret = tokens.secretSync()
var token = tokens.create(secret)
var valid = tokens.verify(secret, token)

Options:

  • secretLength: 24 - the byte length of the secret key
  • saltLength: 8 - the string length of the salt
  • tokensize: (secret, salt) => token - a custom token creation function

tokens.secret([cb])

Asynchronously create a new secret of length secretLength. If cb is not defined, a promise is returned. You don't have to use this.

tokens.secret().then(function (secret) {

})

tokens.secret(function (err, secret) {

})

var secret = tokens.secretSync()

Synchronous version of tokens.secret()

var token = tokens.token(secret)

Create a CSRF token based on a secret. This is the token you pass to clients.

var valid = tokens.verify(secret, token)

Check whether a CSRF token is valid based on a secret. If it's not valid, you should probably throw a 403 error.