JSPM


primary logic behind csrf tokens

Package Exports

  • csrf

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (csrf) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

CSRF


Logic behind CSRF token creation and verification. Read Understanding-CSRF for more information on CSRF. Use this module to create custom CSRF middleware and what not.

Install

$ npm install csrf-tokens

API

var tokens = require('csrf-tokens')(options)

var secret = tokens.secretSync()
var token  = tokens.create(secret)
var valid  = tokens.verify(secret, token)

Options

  • secretLength: 24 - the byte length of the secret key
  • saltLength: 8 - the string length of the salt
  • tokenize: (secret, salt) => token - a custom token creation function

tokens.secret([cb])

Asynchronously create a new secret of length secretLength. If cb is not defined, a promise is returned. You don't have to use this.

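tokens.secret().then(function (secret) {
  // keep the secret on the server for this user, e.g. in their session
})

tokens.secret(function (err, secret) {
  if (err) throw err
  // keep the secret on the server for this user, e.g. in their session
})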

var secret = tokens.secretSync()

Synchronous version of tokens.secret()

var token = tokens.create(secret)

Create a CSRF token based on a secret. This is the token you pass to clients.

var valid = tokens.verify(secret, token)

Check whether a CSRF token is valid based on a secret. If it's not valid, you should probably throw a 403 error.
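
The secret/salt/token relationship behind create and verify, as an added example that is not the csrf package's own code. The names makeTokens, checkRequest and session.csrfSecret, and the "salt-HMAC" token format, are assumptions made for illustration.

```javascript
// Added illustration; not the csrf package's source code.
const crypto = require('crypto')

// makeTokens is a hypothetical factory shaped like the API above.
function makeTokens (options = {}) {
  const secretLength = options.secretLength || 24 // bytes
  const saltLength = options.saltLength || 8 // characters
  // Assumed token format: "<salt>-<HMAC-SHA256(secret, salt) as hex>".
  const tokenize = options.tokenize || function (secret, salt) {
    return salt + '-' + crypto.createHmac('sha256', secret).update(salt).digest('hex')
  }
  return {
    secretSync () {
      return crypto.randomBytes(secretLength).toString('base64')
    },
    create (secret) {
      // A fresh salt per call, so two tokens for one secret differ.
      const salt = crypto.randomBytes(saltLength).toString('hex').slice(0, saltLength)
      return tokenize(secret, salt)
    },
    verify (secret, token) {
      if (typeof secret !== 'string' || typeof token !== 'string') return false
      const sep = token.indexOf('-')
      if (sep <= 0) return false // no salt to recompute from
      // Rebuild the token from the submitted salt, then compare in constant time.
      const expected = Buffer.from(tokenize(secret, token.slice(0, sep)))
      const actual = Buffer.from(token)
      return expected.length === actual.length && crypto.timingSafeEqual(expected, actual)
    }
  }
}

// Hypothetical request check: state-changing methods need a valid token, else 403.
function checkRequest (tokens, session, method, submitted) {
  if (['GET', 'HEAD', 'OPTIONS'].includes(method)) return 200
  return tokens.verify(session.csrfSecret, submitted) ? 200 : 403
}
```

The secret never leaves the server; only the salted token is sent to the client and submitted back with each state-changing request.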

License (MIT)