csrf

primary logic behind csrf tokens

CSRF

Logic behind CSRF token creation and verification. Read Understanding-CSRF for more information on CSRF. Use this module to create custom CSRF middleware and what not.

Install

$ npm install csrf

API

var csrf = require('csrf')(options)
 
var secret = csrf.secretSync()
var token  = csrf.create(secret)
var valid  = csrf.verify(secret, token)

Options

  • secretLength: 24 - the byte length of the secret key
  • saltLength: 8 - the string length of the salt
  • tokensize: (secret, salt) => token - a custom token creation function

csrf.secret([cb])

Asynchronously create a new secret of length secretLength. If cb is not defined, a promise is returned. You don't have to use this.

csrf.secret().then(function (secret) {
 
})
 
csrf.secret(function (errsecret) {
 
})

var secret = csrf.secretSync()

Synchronous version of csrf.secret()

var token = csrf.create(secret)

Create a CSRF token based on a secret. This is the token you pass to clients.

var valid = csrf.verify(secret, token)

Check whether a CSRF token is valid based on a secret. If it's not valid, you should probably throw a 403 error.

License

MIT

Maintainers

Stats

Keywords

csrf, tokens

Dependencies (4)

base64-url, rndm, scmp, uid-safe

Dependents

csurf, koa-atomic-session, koa-csrf, osh-pages, rootpanel.