node-task/node_modules/csurf/node_modules/csrf/README.md

# CSRF

[![NPM version][npm-image]][npm-url]
[![Build status][travis-image]][travis-url]
[![Test coverage][coveralls-image]][coveralls-url]
[![Dependency Status][david-image]][david-url]
[![License][license-image]][license-url]
[![Downloads][downloads-image]][downloads-url]

Logic behind CSRF token creation and verification.
Read [Understanding-CSRF](http://www.jongleberry.com/understanding-csrf.html) for more information on CSRF.
Use this module to create custom CSRF middleware and what not.

### Install

```bash
$ npm install csrf-tokens
```

## API

```js
var tokens = require('csrf-tokens')(options)

var secret = tokens.secretSync()
var token  = tokens.create(secret)
var valid  = tokens.verify(secret, token)
```

### Options

- `secretLength: 24` - the byte length of the secret key
- `saltLength: 8` - the string length of the salt
- `tokensize: (secret, salt) => token` - a custom token creation function

#### tokens.secret([cb])

Asynchronously create a new `secret` of length `secretLength`.
If `cb` is not defined, a promise is returned.
You don't have to use this.

```js
tokens.secret().then(function (secret) {

})

tokens.secret(function (err, secret) {

})
```

#### var secret = tokens.secretSync()

Synchronous version of `tokens.secret()`

#### var token = tokens.token(secret)

Create a CSRF token based on a `secret`.
This is the token you pass to clients.

#### var valid = tokens.verify(secret, token)

Check whether a CSRF token is valid based on a `secret`.
If it's not valid, you should probably throw a `403` error.

## [License (MIT)](LICENSE)

[npm-image]: https://img.shields.io/npm/v/csrf.svg?style=flat-square
[npm-url]: https://npmjs.org/package/csrf
[github-tag]: http://img.shields.io/github/tag/pillarjs/csrf.svg?style=flat-square
[github-url]: https://github.com/pillarjs/csrf/tags
[travis-image]: https://img.shields.io/travis/pillarjs/csrf.svg?style=flat-square
[travis-url]: https://travis-ci.org/pillarjs/csrf
[coveralls-image]: https://img.shields.io/coveralls/pillarjs/csrf.svg?style=flat-square
[coveralls-url]: https://coveralls.io/r/pillarjs/csrf?branch=master
[david-image]: http://img.shields.io/david/pillarjs/csrf.svg?style=flat-square
[david-url]: https://david-dm.org/pillarjs/csrf
[license-image]: http://img.shields.io/npm/l/csrf.svg?style=flat-square
[license-url]: LICENSE
[downloads-image]: http://img.shields.io/npm/dm/csrf.svg?style=flat-square
[downloads-url]: https://npmjs.org/package/csrf
Add csrf module 2014-09-24 17:56:53 -04:00			`# CSRF`

			`[![NPM version][npm-image]][npm-url]`
			`[![Build status][travis-image]][travis-url]`
			`[![Test coverage][coveralls-image]][coveralls-url]`
			`[![Dependency Status][david-image]][david-url]`
			`[![License][license-image]][license-url]`
			`[![Downloads][downloads-image]][downloads-url]`

			`Logic behind CSRF token creation and verification.`
			`Read [Understanding-CSRF](http://www.jongleberry.com/understanding-csrf.html) for more information on CSRF.`
			`Use this module to create custom CSRF middleware and what not.`

			`### Install`

			```bash
			`$ npm install csrf-tokens`
			```

			`## API`

			```js
			`var tokens = require('csrf-tokens')(options)`

			`var secret = tokens.secretSync()`
			`var token = tokens.create(secret)`
			`var valid = tokens.verify(secret, token)`
			```

			`### Options`

			- `secretLength: 24` - the byte length of the secret key
			- `saltLength: 8` - the string length of the salt
			- `tokensize: (secret, salt) => token` - a custom token creation function

			`#### tokens.secret([cb])`

			Asynchronously create a new `secret` of length `secretLength`.
			If `cb` is not defined, a promise is returned.
			`You don't have to use this.`

			```js
			`tokens.secret().then(function (secret) {`

			`})`

			`tokens.secret(function (err, secret) {`

			`})`
			```

			`#### var secret = tokens.secretSync()`

			Synchronous version of `tokens.secret()`

			`#### var token = tokens.token(secret)`

			Create a CSRF token based on a `secret`.
			`This is the token you pass to clients.`

			`#### var valid = tokens.verify(secret, token)`

			Check whether a CSRF token is valid based on a `secret`.
			If it's not valid, you should probably throw a `403` error.

			`## [License (MIT)](LICENSE)`

			`[npm-image]: https://img.shields.io/npm/v/csrf.svg?style=flat-square`
			`[npm-url]: https://npmjs.org/package/csrf`
			`[github-tag]: http://img.shields.io/github/tag/pillarjs/csrf.svg?style=flat-square`
			`[github-url]: https://github.com/pillarjs/csrf/tags`
			`[travis-image]: https://img.shields.io/travis/pillarjs/csrf.svg?style=flat-square`
			`[travis-url]: https://travis-ci.org/pillarjs/csrf`
			`[coveralls-image]: https://img.shields.io/coveralls/pillarjs/csrf.svg?style=flat-square`
			`[coveralls-url]: https://coveralls.io/r/pillarjs/csrf?branch=master`
			`[david-image]: http://img.shields.io/david/pillarjs/csrf.svg?style=flat-square`
			`[david-url]: https://david-dm.org/pillarjs/csrf`
			`[license-image]: http://img.shields.io/npm/l/csrf.svg?style=flat-square`
			`[license-url]: LICENSE`
			`[downloads-image]: http://img.shields.io/npm/dm/csrf.svg?style=flat-square`
			`[downloads-url]: https://npmjs.org/package/csrf`