Archived

This repository has been archived on 2018-10-12. You can view files and clone it, but cannot push or open issues or pull requests.

History

Timothy J. Warren 21e43fa553 Add csrf module		2014-09-24 17:56:53 -04:00
..
node_modules	Add csrf module	2014-09-24 17:56:53 -04:00
index.js	Add csrf module	2014-09-24 17:56:53 -04:00
package.json	Add csrf module	2014-09-24 17:56:53 -04:00
README.md	Add csrf module	2014-09-24 17:56:53 -04:00

README.md

CSRF

Logic behind CSRF token creation and verification. Read Understanding-CSRF for more information on CSRF. Use this module to create custom CSRF middleware and what not.

Install

$ npm install csrf-tokens

API

var tokens = require('csrf-tokens')(options)

var secret = tokens.secretSync()
var token  = tokens.create(secret)
var valid  = tokens.verify(secret, token)

Options

secretLength: 24 - the byte length of the secret key
saltLength: 8 - the string length of the salt
tokensize: (secret, salt) => token - a custom token creation function

tokens.secret([cb])

Asynchronously create a new secret of length secretLength. If cb is not defined, a promise is returned. You don't have to use this.

tokens.secret().then(function (secret) {

})

tokens.secret(function (err, secret) {

})

var secret = tokens.secretSync()

Synchronous version of tokens.secret()

var token = tokens.token(secret)

Create a CSRF token based on a secret. This is the token you pass to clients.

var valid = tokens.verify(secret, token)

Check whether a CSRF token is valid based on a secret. If it's not valid, you should probably throw a 403 error.