type-graphql-csrf-middleware
    TypeScript icon, indicating that this package has built-in type declarations

    0.0.3 • Public • Published

    type-graphql-csrf-middleware

    CI Status npm version types included

    TypeGraphQL middleware for handling csrf tokens with an express server and express-session.

    Required Peer Dependencies:

    • express
    • express-session
    • crsf
    • cookie-parser
    • graphql
    • type-graphql

    Installation

    npm install type-graphql-csrf-middleware
    
    yarn add type-graphql-csrf-middleware
    import { ValidAntiForgeryToken } from "type-graphql-csrf-middleware";

    Getting Started

    Your express server will need to add a csrf token as a cookie and a csrf secret to the session. Below is an example express route middleware to add the tokens.

    const addCsrf = (req: Request, res: Response, next: NextFunction) => {
        const tokens = new Tokens();
        const secret = tokens.secretSync();
        const token = tokens.create(secret);
    
        res.cookie("csrfToken", token);
        req.session.csrfSecret = secret;
    
        next();
    };

    Resolver Middleware Use

    The type-graphql middleware needs a cookie key and a session key that are used in your express route middleware function like the previous example in order to verify the token.

    import { ValidAntiForgeryToken } from "type-graphql-csrf-middleware";
    
    @Resolver(User)
    export class UserResolver {
        @Query(() => User)
        @UseMiddleware(ValidAntiForgeryToken({ cookieKey: "csrfToken", secretKey: "csrfSecret" }))
        async me(@Ctx() ctx: MyContext): Promise<User | undefined> {
            {...}
        }
    }

    The middleware can also be reusable between resolver functions.

    import { ValidAntiForgeryToken } from "type-graphql-csrf-middleware";
    
    const Authorized = ValidAntiForgeryToken({
        cookieKey: "csrfToken",
        secretKey: "csrfSecret",
        message: "Access Denied!"
    });
    
    {...}
    
    @Resolver(User)
    export class UserResolver {
        @Query(() => User)
        @UseMiddleware(Authorized)
        async me(@Ctx() ctx: MyContext): Promise<User | undefined> {
            {...}
        }
    }

    Install

    npm i type-graphql-csrf-middleware

    DownloadsWeekly Downloads

    2

    Version

    0.0.3

    License

    MIT

    Unpacked Size

    6.29 kB

    Total Files

    5

    Last publish

    Collaborators

    • clarktozer