luno-csrf-node
Implement CSRF protection in your Node.js app using Luno.
Install
npm install --save luno-csrf
You'll also need to install Luno.
Usage
var Luno = require('luno'); // Luno client; the package name 'luno' is an assumption
var CSRF = require('luno-csrf');

var luno = new Luno({
  key: 'YOUR-API-KEY', // Your Luno API key
  secret: 'YOUR-SECRET-KEY' // Your Luno secret key
});

// Constructor form (Luno client first, then options) is an assumption
var csrf = new CSRF(luno, {
  tokenLength: 30, // token length in bytes
  useName: true, // whether to use a crypto key in the csrf property name, e.g. csrf-XXXX = token
  name: 'csrf-', // the prefix to use before the name key, or the entire key if useName is false
  nameLength: 12, // name key length in bytes
  maxTokens: 20, // maximum number of csrf tokens to store per form
  expiry: 1000 * 60 * 60 * 24, // 24 hours. time before a token becomes invalid
  expireAfterUse: true, // whether a token should become invalid after it's used (recommended)
  sessionCookieName: 'session', // the name of the session cookie which stores the session key
  sessionCookieConfig: { // session cookie config. adding secure: true when using https is recommended
    maxAge: 1209600000,
    httpOnly: true
  }
});
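The options tokenLength, maxTokens, expiry and expireAfterUse together describe a per-form token lifecycle. The following is an added example of that lifecycle, not luno-csrf's own code: createTokenStore, the in-memory Map and the SHA-256 hashing of stored tokens are assumptions of this example.

```javascript
// Added illustration (not luno-csrf's implementation): an in-memory token store
// showing what tokenLength, maxTokens, expiry and expireAfterUse control.
const crypto = require('crypto');

function createTokenStore(opts) {
  const o = Object.assign({
    tokenLength: 30, maxTokens: 20,
    expiry: 1000 * 60 * 60 * 24, expireAfterUse: true
  }, opts);
  const forms = new Map(); // form name -> [{ hash, issued }], oldest first

  // Keep only a hash so a leaked store does not expose usable tokens.
  const digest = (t) => crypto.createHash('sha256').update(t).digest();

  function issue(form, now = Date.now()) {
    const token = crypto.randomBytes(o.tokenLength).toString('hex');
    const list = forms.get(form) || [];
    list.push({ hash: digest(token), issued: now });
    while (list.length > o.maxTokens) list.shift(); // evict oldest beyond maxTokens
    forms.set(form, list);
    return token;
  }

  function verify(form, token, now = Date.now()) {
    if (typeof token !== 'string' || token.length === 0) return false;
    const candidate = digest(token);
    // Expired tokens are dropped before any comparison.
    const list = (forms.get(form) || []).filter((e) => now - e.issued < o.expiry);
    let match = -1;
    list.forEach((e, i) => {
      // Equal-length digests compared in constant time.
      if (crypto.timingSafeEqual(e.hash, candidate)) match = i;
    });
    if (match !== -1 && o.expireAfterUse) list.splice(match, 1); // single use
    forms.set(form, list);
    return match !== -1;
  }

  return { issue, verify };
}
```

With expireAfterUse enabled, a replayed form submission fails verification even if the token has not yet reached its expiry.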
Express
Remember to use cookieParser and bodyParser so cookies and form bodies are parsed.
app; // /admin must be authenticated
app;
app;
app;