Narcoleptic Programmers' Medicine
    Wondering what’s next for npm?Check out our public roadmap! »

    csrf-tokens

    2.0.0 • Public • Published

    CSRF Tokens

    Logic behind CSRF token creation and verification. Read Understanding-CSRF for more information on CSRF. Use this module to create custom CSRF middleware and what not.

    API

    var tokens = require('csrf-tokens')(options)
     
    var secret = tokens.secretSync()
    var token = tokens.create(secret)
    var valid = tokens.verify(secret, token)

    Options:

    • secretLength: 24 - the byte length of the secret key
    • saltLength: 8 - the string length of the salt
    • tokensize: (secret, salt) => token - a custom token creation function

    tokens.secret([cb])

    Asynchronously create a new secret of length secretLength. If cb is not defined, a promise is returned. You don't have to use this.

    tokens.secret().then(function (secret) {
     
    })
     
    tokens.secret(function (err, secret) {
     
    })

    var secret = tokens.secretSync()

    Synchronous version of tokens.secret()

    var token = tokens.token(secret)

    Create a CSRF token based on a secret. This is the token you pass to clients.

    var valid = tokens.verify(secret, token)

    Check whether a CSRF token is valid based on a secret. If it's not valid, you should probably throw a 403 error.

    Keywords

    none

    Install

    npm i csrf-tokens

    DownloadsWeekly Downloads

    4,359

    Version

    2.0.0

    License

    MIT

    Last publish

    Collaborators

    • avatar
    • avatar