
@lock-sdk/csrf


CSRF protection module for Lock security framework

import * as _lock_sdk_core from '@lock-sdk/core';

/**
 * Event names emitted by the CSRF module. The string values are what consumers
 * subscribe to, so they are part of the public contract. Member meanings below
 * are inferred from the names — confirm against the implementation.
 */
declare enum CSRFEventType {
  /** No token was found in any configured location. */
  CSRF_TOKEN_MISSING = "csrf.token.missing",
  /** A token was present but did not validate. */
  CSRF_TOKEN_INVALID = "csrf.token.invalid",
  /** Double-submit mode: cookie token and request token did not agree. */
  CSRF_DOUBLE_SUBMIT_FAILURE = "csrf.double.submit.failure",
  /** The request carried a valid token. */
  CSRF_VALIDATED = "csrf.validated",
  /** An unexpected failure (e.g. storage error) during validation. */
  CSRF_ERROR = "csrf.error"
}

/** Where the module looks for the token on an incoming request. */
type TokenLocation = 'cookie' | 'header' | 'cookie-header' | 'session';

/** Built-in token store selector; see MemoryStorage / RedisStorage below. */
type TokenStorage = 'memory' | 'redis';

/**
 * Attributes applied to the CSRF cookie.
 *
 * Deployment notes:
 *  - Browsers only accept `sameSite: 'none'` together with `secure: true`.
 *  - In double-submit mode the client usually has to read this cookie to copy
 *    the token into a header (e.g. `angularCompatible`), which requires
 *    `httpOnly: false`; that trade-off is inherent to the pattern. Whether the
 *    module enforces either combination is not visible from these declarations.
 *  - The unit of `maxAge` (seconds vs. milliseconds) is not specified here;
 *    check the implementation before relying on it.
 */
interface CookieOptions {
  httpOnly?: boolean;
  secure?: boolean;
  sameSite?: 'strict' | 'lax' | 'none';
  path?: string;
  domain?: string;
  maxAge?: number;
}

/**
 * Connection settings for RedisStorage. `password` and `url` may carry
 * credentials — do not log the resolved options. A pre-built `client` may be
 * supplied instead of host/port/url (it is typed `any`, so no compile-time
 * check of the client API); precedence between the two is not visible here.
 */
interface RedisOptions {
  host?: string;
  port?: number;
  password?: string;
  username?: string;
  db?: number;
  keyPrefix?: string;
  url?: string;
  client?: any;
}

/**
 * Contract for a token store. Tokens are keyed by `identifier` (the caller's
 * notion of a session/principal). The unit of `ttl` is not fixed by this file.
 *
 * NOTE(review): validateToken implementations should compare with secureCompare
 * (exported below) rather than `===`, so timing differences do not leak token
 * bytes. deleteExpiredTokens is presumably the periodic sweep hook.
 */
interface TokenStorageProvider {
  init(): Promise<void>;
  saveToken(token: string, identifier: string, ttl: number): Promise<void>;
  getToken(identifier: string): Promise<string | null>;
  validateToken(token: string, identifier: string): Promise<boolean>;
  deleteToken(identifier: string): Promise<void>;
  deleteExpiredTokens(): Promise<void>;
}

/**
 * Full module configuration. csrfProtection/csrfToken accept a Partial and are
 * expected to fill defaults; the default values are not visible in this file.
 *
 * Every exemption field is a CSRF bypass and deserves care:
 *  - `ignoredMethods`: list only side-effect-free methods (GET/HEAD/OPTIONS).
 *    Any state-changing handler reachable via an ignored method is unprotected.
 *  - `ignoredPaths`: anchor RegExp entries (`^...$`); an unanchored pattern can
 *    match unintended routes.
 *  - `ignoredContentTypes`: never exempt the form-submittable types
 *    (`application/x-www-form-urlencoded`, `multipart/form-data`, `text/plain`);
 *    a cross-site <form> sends them with no preflight, so exempting them defeats
 *    the protection. Exempting `application/json` relies on the browser's CORS
 *    preflight and is only safe if no endpoint also accepts form bodies.
 *
 * `secret` feeds hashToken and must be high-entropy and unique per deployment
 * (generateSecret() is exported for that). `hashAlgorithm` is a free-form
 * string; whether it is applied as an HMAC or a bare hash is not visible here.
 * `tokenLength` and `tokenTtl` have unspecified units (bytes vs. characters,
 * seconds vs. ms) — check the implementation. `samesite` (boolean) appears to
 * overlap with `cookieOptions.sameSite`; which one wins is not determinable
 * from this file.
 */
interface CSRFConfig {
  enabled: boolean;
  tokenName: string;
  tokenLength: number;
  headerName: string;
  cookieName: string;
  cookieOptions: CookieOptions;
  storage: TokenStorage;
  tokenLocation: TokenLocation;
  ignoredMethods: string[];
  ignoredPaths: (string | RegExp)[];
  ignoredContentTypes: string[];
  failureStatusCode: number;
  failureMessage: string;
  refreshToken: boolean;
  tokenTtl: number;
  doubleSubmit: boolean;
  samesite: boolean;
  redisOptions?: RedisOptions;
  customStorage?: TokenStorageProvider;
  hashAlgorithm?: string;
  secret?: string;
  includeFormToken?: boolean;
  angularCompatible?: boolean;
}

/**
 * Generates a token for `identifier`, persists it in `storage` (TTL/hashing
 * presumably taken from `config`), and resolves with the value to hand to the
 * client.
 */
declare function generateToken(length: number, identifier: string, storage: TokenStorageProvider, config: CSRFConfig): Promise<string>;

/** Resolves true only if `token` matches the token stored for `identifier`. */
declare function validateToken(token: string, identifier: string, storage: TokenStorageProvider, config: CSRFConfig): Promise<boolean>;

/**
 * Derives a digest of `token` keyed by `secret`, so a client-visible value
 * cannot be turned back into the stored token without the secret. How the
 * module applies it (e.g. in double-submit mode) and the default `algorithm`
 * are not visible from these declarations.
 */
declare function hashToken(token: string, secret: string, algorithm?: string): string;

/** Returns a fresh random secret suitable for `CSRFConfig.secret`. */
declare function generateSecret(): string;

/**
 * Synchronous random token of `length`. Must be backed by a CSPRNG
 * (crypto.randomBytes); whether `length` counts bytes or output characters is
 * not stated here — confirm.
 */
declare function generateTokenSync(length: number): string;

/**
 * Constant-time string equality; use this, not `===`, for every token
 * comparison. NOTE(review): typical implementations still reveal a length
 * mismatch early, which is acceptable for fixed-length tokens — confirm.
 */
declare function secureCompare(a: string, b: string): boolean;

/**
 * Resolves the request token from the locations enabled by
 * `config.tokenLocation`, presumably delegating to the extractFrom* helpers
 * below. `req` is `any` because the module is framework-agnostic, so callers
 * get no compile-time help on its shape.
 */
declare function extractToken(req: any, config: CSRFConfig): string | null;

/** Reads the token from the request header (expected to be `config.headerName`). */
declare function extractFromHeader(req: any, config: CSRFConfig): string | null;

/** Reads the token from the request cookie (expected to be `config.cookieName`). */
declare function extractFromCookie(req: any, config: CSRFConfig): string | null;

/**
 * Reads the token from a parsed request body field (presumably
 * `config.tokenName`); requires body-parsing middleware to run first.
 */
declare function extractFromBody(req: any, config: CSRFConfig): string | null;

/**
 * Reads the token from the query string. Tokens in URLs end up in access logs,
 * browser history and Referer headers — prefer header or body delivery.
 * Whether extractToken consults this location is not visible here.
 */
declare function extractFromQuery(req: any, config: CSRFConfig): string | null;

/** Reads the token from a server-side session object on `req` (tokenLocation 'session'). */
declare function extractFromSession(req: any, config: CSRFConfig): string | null;

/**
 * Parses a raw `Cookie` header into a name -> value map. The result is a plain
 * object; callers that look up attacker-controlled names should guard against
 * prototype keys such as `__proto__` unless the implementation already does.
 */
declare function parseCookies(cookieString: string): Record<string, string>;

/**
 * In-process token store. State lives in one Node process, so it suits only
 * single-instance deployments: tokens are lost on restart and not shared across
 * replicas (use RedisStorage or a customStorage there).
 *
 * NOTE(review): the periodic `cleanupInterval` timer can keep the event loop
 * alive (and leak across tests) unless it is unref'd or cleared; no close()
 * method is exposed here to stop it.
 */
declare class MemoryStorage implements TokenStorageProvider {
  private store;
  private cleanupInterval;
  constructor();
  init(): Promise<void>;
  saveToken(token: string, identifier: string, ttl: number): Promise<void>;
  getToken(identifier: string): Promise<string | null>;
  validateToken(token: string, identifier: string): Promise<boolean>;
  deleteToken(identifier: string): Promise<void>;
  deleteExpiredTokens(): Promise<void>;
  private scheduleCleanup;
}

/**
 * Redis-backed token store for multi-instance deployments. Keys are presumably
 * namespaced by `keyPrefix`. When a caller-supplied client is used
 * (`externalClient`), ownership should stay with the caller; whether close()
 * disconnects it is not visible here. `isRedisV4` suggests both legacy and
 * v4+ node-redis APIs are handled.
 */
declare class RedisStorage implements TokenStorageProvider {
  private client;
  private keyPrefix;
  private options;
  private externalClient;
  constructor(options?: RedisOptions);
  init(): Promise<void>;
  saveToken(token: string, identifier: string, ttl: number): Promise<void>;
  getToken(identifier: string): Promise<string | null>;
  validateToken(token: string, identifier: string): Promise<boolean>;
  deleteToken(identifier: string): Promise<void>;
  deleteExpiredTokens(): Promise<void>;
  private ensureInitialized;
  private getKey;
  private isRedisV4;
  close(): Promise<void>;
}

/**
 * Builds the store selected by `config.storage`, or uses `config.customStorage`
 * when provided (precedence between the two is not visible here).
 */
declare function createStorage(config: CSRFConfig): TokenStorageProvider;

/**
 * Create a CSRF protection security module for the Lock framework.
 * Enforces token validation on requests not exempted by ignoredMethods /
 * ignoredPaths / ignoredContentTypes, failing with `failureStatusCode` and
 * `failureMessage`.
 * @param config Module configuration; omitted fields take library defaults.
 */
declare const csrfProtection: (config?: Partial<CSRFConfig> | undefined) => _lock_sdk_core.SecurityModule;

/**
 * Standalone Express-style middleware; by its name the token-issuing
 * counterpart of csrfProtection (no enforcement) — confirm. `next` is typed as
 * `Function`; `(err?: unknown) => void` would be stricter.
 * @param config Same options as csrfProtection.
 */
declare function csrfToken(config?: Partial<CSRFConfig>): (req: any, res: any, next: Function) => Promise<void>;

export { type CSRFConfig, CSRFEventType, type CookieOptions, MemoryStorage, type RedisOptions, RedisStorage, type TokenLocation, type TokenStorage, type TokenStorageProvider, createStorage, csrfProtection, csrfToken, extractFromBody, extractFromCookie, extractFromHeader, extractFromQuery, extractFromSession, extractToken, generateSecret, generateToken, generateTokenSync, hashToken, parseCookies, secureCompare, validateToken };