@ordojs/security
Security package for OrdoJS with XSS, CSRF, and injection protection
/**
* CSRF Manager
* Main interface for CSRF protection functionality
*/
import type { CSRFConfig, CSRFRequest, CSRFResponse, CSRFToken, CSRFValidationResult } from './types';
/**
* Type declaration for the CSRF protection entry point of this package.
*
* The public surface covers two validation styles: session-based tokens
* (generateToken / validateToken / consumeToken) and the double-submit cookie
* pattern (setupDoubleSubmitProtection / validateDoubleSubmit), plus
* validateRequest, which takes a whole request.
*
* This is a declaration only; no implementation is visible here. Token
* entropy, expiry handling, comparison method and storage are not established
* by this file and need to be confirmed against the implementation.
*
* Argument order differs between methods: validateToken takes
* (tokenValue, sessionId) while consumeToken takes (sessionId, tokenValue).
* Both parameters are plain strings, so a swapped call still type-checks.
*/
export declare class CSRFManager {
/** Internal token generator; its type is erased in this declaration. */
private tokenGenerator;
/** Internal session/token store; its type is erased in this declaration. */
private sessionManager;
/** Stored configuration; getConfig() exposes it as Required<CSRFConfig>. */
private config;
/**
* Create a manager from the given configuration.
*
* @param config CSRF settings; the fields of CSRFConfig are declared in
* './types' and are not visible in this file.
*/
constructor(config: CSRFConfig);
/**
* Generate a new CSRF token for a session
*
* @param sessionId Identifier of the session the token is issued for.
* @returns The issued token as a CSRFToken object (shape declared in './types').
*
* NOTE(review): the randomness source and token lifetime are not visible
* here; confirm both in the implementation.
*/
generateToken(sessionId: string): CSRFToken;
/**
* Validate a CSRF token using session-based validation
*
* @param tokenValue Token string received from the client (first argument).
* @param sessionId Session the token is expected to belong to (second argument).
* @returns A CSRFValidationResult object, not a boolean. An object is always
* truthy, so callers must inspect its fields (declared in './types') rather
* than testing the return value directly.
*
* NOTE(review): whether the comparison is constant-time and whether a
* successful validation also consumes the token cannot be told from this
* declaration; see consumeToken for explicit one-time use.
*/
validateToken(tokenValue: string, sessionId: string): CSRFValidationResult;
/**
* Generate and set up double-submit cookie protection
*
* @param sessionId Session to set the protection up for.
* @returns A CSRFResponse; presumably the cookie and token data the caller
* must send to the client (confirm against './types').
*
* NOTE(review): double-submit cookies rely on other origins being unable to
* set cookies for this site. Confirm whether the cookie value is bound to
* sessionId (for example signed) and which cookie attributes are applied.
*/
setupDoubleSubmitProtection(sessionId: string): CSRFResponse;
/**
* Validate double-submit cookie pattern
*
* @param request Incoming request data as a CSRFRequest.
* @returns A CSRFValidationResult object; inspect its fields, it is not a boolean.
*/
validateDoubleSubmit(request: CSRFRequest): CSRFValidationResult;
/**
* Validate CSRF protection for a request
*
* @param request Incoming request data as a CSRFRequest.
* @returns A CSRFValidationResult object; inspect its fields, it is not a boolean.
*
* NOTE(review): which strategy is applied (session-based, double-submit, or
* both) and whether any HTTP methods are exempt is not visible here; confirm
* before relying on this as the single enforcement point.
*/
validateRequest(request: CSRFRequest): CSRFValidationResult;
/**
* Extract CSRF token from request (header or form field)
*
* Private member; its signature is erased in this declaration.
*/
private extractTokenFromRequest;
/**
* Generate HTML form field for CSRF token
*
* @param sessionId Session the embedded token is issued for.
* @returns A string of HTML markup intended to be placed inside a form.
*
* NOTE(review): the returned markup carries a live token, so responses
* containing it should not be shared between users (for example through a
* shared cache). Whether the attribute values are HTML-escaped is not visible
* here; confirm before inserting the string unescaped.
*/
generateFormField(sessionId: string): string;
/**
* Generate JavaScript code for automatic token injection
*
* @param sessionId Optional session identifier; behaviour when it is omitted
* is not visible in this declaration.
* @returns JavaScript source as a string.
*
* NOTE(review): if this string is emitted as an inline script, a strict
* Content-Security-Policy needs a nonce or hash for it. Any token exposed to
* page script is also readable by injected script, so this does not reduce
* the need for XSS protection.
*/
generateClientScript(sessionId?: string): string;
/**
* Consume a token (for one-time use)
*
* @param sessionId Session the token belongs to (first argument; note this
* is the reverse of validateToken's argument order).
* @param tokenValue Token string to consume (second argument).
* @returns A boolean; presumably true when the token existed and was
* consumed (confirm in the implementation).
*/
consumeToken(sessionId: string, tokenValue: string): boolean;
/**
* Remove a session and all its tokens
*
* @param sessionId Session to remove, for example on logout or session expiry.
* @returns A boolean; presumably true when the session existed (confirm in
* the implementation).
*/
removeSession(sessionId: string): boolean;
/**
* Get session statistics
*
* @returns Three numeric counters: totalSessions, totalTokens and activeSessions.
*
* NOTE(review): how activeSessions differs from totalSessions is not visible
* in this declaration.
*/
getStats(): {
totalSessions: number;
totalTokens: number;
activeSessions: number;
};
/**
* Clean up resources
*
* NOTE(review): what is released (timers, stored sessions and tokens) and
* whether the instance remains usable afterwards is not visible here.
*/
destroy(): void;
/**
* Get configuration
*
* @returns The configuration typed as Required<CSRFConfig>, i.e. with every
* optional field of CSRFConfig present.
*
* NOTE(review): whether this is a copy or the live internal object is not
* visible here. If CSRFConfig holds a signing secret, avoid logging or
* serialising the returned object.
*/
getConfig(): Required<CSRFConfig>;
}
//# sourceMappingURL=csrf-manager.d.ts.map