
@ordojs/security


Security package for OrdoJS with XSS, CSRF, and injection protection

/**
 * CSRF Token Generator
 * Handles generation and validation of CSRF tokens
 *
 * This is a declaration file: only the public surface is visible here, not the
 * implementation. Notes marked NOTE(review) are points to confirm against the
 * compiled source before relying on them.
 */
import type { CSRFConfig, CSRFToken } from './types';
/**
 * Issues and checks CSRF tokens in two styles: session-scoped tokens
 * (generateToken / validateToken) and double-submit cookie tokens
 * (generateCookieToken / validateDoubleSubmit).
 *
 * Both validators report failure through the `valid` field of the returned
 * object. The object itself is always truthy, so callers must test
 * `result.valid` explicitly rather than the result as a whole.
 */
export declare class CSRFTokenGenerator {
    // Stored configuration; typed as CSRFConfig by the constructor parameter.
    private config;
    /**
     * @param config - CSRF settings; the CSRFConfig shape is declared in ./types
     *   and is not visible in this file.
     */
    constructor(config: CSRFConfig);
    /**
     * Generate a new CSRF token for a session
     *
     * @param sessionId - identifier of the session the token is issued for.
     * @returns a CSRFToken (shape declared in ./types).
     *
     * NOTE(review): presumably the token is bound to sessionId, since
     * validateToken takes the same identifier — confirm in the implementation.
     */
    generateToken(sessionId: string): CSRFToken;
    /**
     * Validate a CSRF token
     *
     * @param tokenValue - token value received with the request (untrusted input).
     * @param sessionId - identifier of the session the request belongs to.
     * @returns an object whose `valid` flag carries the verdict; `error` and
     *   `expired` are optional detail fields. Reject the request unless
     *   `valid === true`.
     *
     * NOTE(review): the declaration does not show whether this throws on
     * malformed input; callers that must fail closed should treat an exception
     * the same as `valid: false`.
     */
    validateToken(tokenValue: string, sessionId: string): {
        valid: boolean;
        error?: string;
        expired?: boolean;
    };
    /**
     * Generate a double-submit cookie token
     *
     * Takes no session identifier, so nothing in this signature ties the value
     * to a particular session.
     *
     * NOTE(review): confirm whether the returned string is signed or purely
     * random. An unsigned double-submit value offers no protection if another
     * origin (for example a sibling subdomain) can set cookies for this site.
     */
    generateCookieToken(): string;
    /**
     * Validate double-submit cookie pattern
     *
     * @param cookieToken - token read from the request cookie.
     * @param headerToken - token read from the request header.
     * @returns an object whose `valid` flag carries the verdict; `error` is an
     *   optional detail field. Reject the request unless `valid === true`.
     *
     * NOTE(review): presumably compares the two values via constantTimeCompare —
     * confirm, and confirm that empty or missing values are rejected rather than
     * treated as a match.
     */
    validateDoubleSubmit(cookieToken: string, headerToken: string): {
        valid: boolean;
        error?: string;
    };
    /**
     * Sign a payload using HMAC-SHA256
     *
     * NOTE(review): the key source is not visible here; presumably it comes
     * from the stored config — verify that a missing or default secret is
     * refused rather than silently used.
     */
    private signPayload;
    /**
     * Constant-time string comparison to prevent timing attacks
     *
     * NOTE(review): confirm the implementation does not return early on a
     * length mismatch or on the first differing character. Node's
     * crypto.timingSafeEqual throws when the inputs differ in byte length, so
     * a wrapper around it needs an explicit length policy.
     */
    private constantTimeCompare;
    /**
     * Get configuration values
     *
     * @returns the configuration with every CSRFConfig field required.
     *
     * NOTE(review): if CSRFConfig carries the signing secret, this getter
     * returns it to any caller; avoid logging or serializing the result.
     */
    getConfig(): Required<CSRFConfig>;
}
//# sourceMappingURL=token-generator.d.ts.map