# CSRF

[![NPM version][npm-image]][npm-url]
[![Build status][travis-image]][travis-url]
[![Test coverage][coveralls-image]][coveralls-url]
[![Dependency Status][david-image]][david-url]
[![License][license-image]][license-url]
[![Downloads][downloads-image]][downloads-url]

Logic behind CSRF token creation and verification.
Read [Understanding-CSRF](http://www.jongleberry.com/understanding-csrf.html) for more information on CSRF.
Use this module to create custom CSRF middleware and what not.

### Install

```bash
$ npm install csrf-tokens
```

## API

```js
var tokens = require('csrf-tokens')(options)

var secret = tokens.secretSync()
var token = tokens.create(secret)
var valid = tokens.verify(secret, token)
```

### Options

- `secretLength: 24` - the byte length of the secret key
- `saltLength: 8` - the string length of the salt
- `tokensize: (secret, salt) => token` - a custom token creation function

#### tokens.secret([cb])

Asynchronously create a new `secret` of length `secretLength`.
If `cb` is not defined, a promise is returned.
You don't have to use this.

```js
// Promise form
tokens.secret().then(function (secret) {
  // `secret` is what you later pass to tokens.create() and tokens.verify()
})

// Callback form
tokens.secret(function (err, secret) {
  // check `err` before using `secret`
})
```

#### var secret = tokens.secretSync()

Synchronous version of `tokens.secret()`.

#### var token = tokens.create(secret)

Create a CSRF token based on a `secret`.
This is the token you pass to clients.

#### var valid = tokens.verify(secret, token)

Check whether a CSRF token is valid based on a `secret`.
If it's not valid, you should probably throw a `403` error.

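The following added example (not part of the original README and not the module's own source) sketches one way a salted `(secret, salt) => token` scheme with constant-time verification can work, using only Node's built-in `crypto`. The HMAC construction, the `checkRequest` helper and the `x-csrf-token` header name are assumptions made for illustration.

```js
const crypto = require('crypto')

const SECRET_BYTES = 24 // mirrors the README's secretLength option
const SALT_LENGTH = 8 // mirrors the README's saltLength option

// Random secret from the CSPRNG, base64-encoded.
function secretSync () {
  return crypto.randomBytes(SECRET_BYTES).toString('base64')
}

// Random hex salt of exactly `length` characters.
function makeSalt (length) {
  return crypto.randomBytes(Math.ceil(length / 2)).toString('hex').slice(0, length)
}

// (secret, salt) => token, the shape the README gives for a custom token function.
// Assumed construction for this example: salt + '-' + HMAC-SHA256(secret, salt).
function tokenize (secret, salt) {
  return salt + '-' + crypto.createHmac('sha256', secret).update(salt).digest('hex')
}

// A fresh salt per call means every token differs while the secret stays fixed.
function create (secret) {
  return tokenize(secret, makeSalt(SALT_LENGTH))
}

function verify (secret, token) {
  if (typeof secret !== 'string' || typeof token !== 'string') return false
  // The salt travels inside the token; reject anything without the expected layout.
  if (token.indexOf('-') !== SALT_LENGTH) return false
  const expected = Buffer.from(tokenize(secret, token.slice(0, SALT_LENGTH)))
  const actual = Buffer.from(token)
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return actual.length === expected.length && crypto.timingSafeEqual(actual, expected)
}

// Hypothetical middleware-style check: returns the HTTP status to respond with.
// Safe methods pass; state-changing requests need a valid token, otherwise 403.
function checkRequest (req, sessionSecret) {
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return 200
  return verify(sessionSecret, req.headers['x-csrf-token']) ? 200 : 403
}
```
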
## [License (MIT)](LICENSE)

[npm-image]: https://img.shields.io/npm/v/csrf.svg?style=flat-square
[npm-url]: https://npmjs.org/package/csrf
[github-tag]: http://img.shields.io/github/tag/pillarjs/csrf.svg?style=flat-square
[github-url]: https://github.com/pillarjs/csrf/tags
[travis-image]: https://img.shields.io/travis/pillarjs/csrf.svg?style=flat-square
[travis-url]: https://travis-ci.org/pillarjs/csrf
[coveralls-image]: https://img.shields.io/coveralls/pillarjs/csrf.svg?style=flat-square
[coveralls-url]: https://coveralls.io/r/pillarjs/csrf?branch=master
[david-image]: http://img.shields.io/david/pillarjs/csrf.svg?style=flat-square
[david-url]: https://david-dm.org/pillarjs/csrf
[license-image]: http://img.shields.io/npm/l/csrf.svg?style=flat-square
[license-url]: LICENSE
[downloads-image]: http://img.shields.io/npm/dm/csrf.svg?style=flat-square
[downloads-url]: https://npmjs.org/package/csrf