@ordojs/security
Security package for OrdoJS with XSS, CSRF, and injection protection
/**
* CSRF Protection Types
* Defines interfaces and types for CSRF protection functionality
*/
/**
 * Options accepted by the CSRF protection layer.
 *
 * Only `secret` is required. Apart from the one-hour `tokenExpiry` default
 * noted below, the defaults applied to the optional fields are not visible in
 * this declaration file.
 */
export interface CSRFConfig {
  /**
   * Secret key used when generating tokens. Keep it out of source control and
   * logs. NOTE(review): how the key is consumed and whether a minimum length
   * is enforced is not shown here; supply a long random value.
   */
  secret: string;

  /** Lifetime of a token in milliseconds; documented default is 1 hour. */
  tokenExpiry?: number;

  /** Name of the cookie that carries the token in the double-submit pattern. */
  cookieName?: string;

  /** Name of the request header that carries the CSRF token. */
  headerName?: string;

  /** Name of the form field that carries the CSRF token. */
  fieldName?: string;

  /** Whether the cookie is marked Secure (sent over HTTPS only). */
  secureCookie?: boolean;

  /**
   * Whether the cookie is marked HttpOnly. An HttpOnly cookie cannot be read
   * by page script, so a client that copies the cookie value into a header or
   * field itself cannot do so with this enabled.
   * NOTE(review): confirm how the token reaches the client in that case.
   */
  httpOnlyCookie?: boolean;

  /**
   * SameSite attribute for the cookie. Browsers reject `SameSite=None`
   * cookies that are not also Secure, so pair `'none'` with `secureCookie`.
   */
  sameSite?: 'strict' | 'lax' | 'none';
}
/**
 * A single issued CSRF token together with the session it is bound to.
 */
export interface CSRFToken {
  /** The token string itself. Treat it as a secret: do not log it or put it in URLs. */
  value: string;

  /**
   * Timestamp after which the token is no longer accepted.
   * NOTE(review): the unit is not stated here; presumably epoch milliseconds,
   * matching `tokenExpiry`. Confirm against the implementation.
   */
  expiresAt: number;

  /** Identifier of the session the token was issued for. */
  sessionId: string;
}
/**
 * Outcome of checking a CSRF token.
 *
 * Callers should gate the request on `valid` alone; `error` and `expired`
 * are optional detail.
 */
export interface CSRFValidationResult {
  /** `true` when the token was accepted. */
  valid: boolean;

  /**
   * Human-readable reason when validation failed.
   * NOTE(review): whether this text is safe to return to the client is not
   * shown here; log it server-side and send a generic rejection.
   */
  error?: string;

  /** Set when the failure was caused by an expired token. */
  expired?: boolean;
}
/**
 * Server-side record of one session and the CSRF tokens issued to it.
 */
export interface CSRFSession {
  /** Session identifier. */
  id: string;

  /**
   * Tokens currently active for this session.
   * NOTE(review): the meaning of the map key is not stated here (presumably
   * the token value). Nothing in this type bounds the map size, so confirm
   * that the implementation prunes expired entries.
   */
  tokens: Map<string, CSRFToken>;

  /** Timestamp at which the session was created. */
  createdAt: number;

  /** Timestamp of the most recent activity on the session. */
  lastActivity: number;
}
/**
 * Framework-neutral view of an incoming request, limited to the parts the
 * CSRF check reads. Every field except `sessionId` may hold client-supplied
 * data and should be treated as untrusted.
 */
export interface CSRFRequest {
  /**
   * Request headers.
   * NOTE(review): whether header names are expected lower-cased is not shown
   * here; confirm the lookup matches how the caller populates this record.
   */
  headers: Record<string, string>;

  /**
   * Request body, used for form submissions. Typed `any`, so nothing is
   * checked at compile time; narrow the value before reading fields from it.
   */
  body?: any;

  /** Cookies sent with the request. */
  cookies?: Record<string, string>;

  /**
   * Session ID.
   * NOTE(review): presumably resolved from server-side session state rather
   * than copied from a client-supplied value; verify at the call site.
   */
  sessionId?: string;
}
/**
 * Headers and cookies the CSRF layer asks the caller to attach to the
 * outgoing response. Each cookie carries its own attributes.
 */
export interface CSRFResponse {
  /** Response headers to set, keyed by header name. */
  headers: Record<string, string>;

  /** Cookies to set on the response. */
  cookies: {
    /** Cookie name. */
    name: string;
    /** Cookie value. */
    value: string;
    /** Attributes to apply when the cookie is serialized. */
    options: {
      /** HttpOnly attribute: hides the cookie from page script. */
      httpOnly?: boolean;
      /** Secure attribute: cookie is sent over HTTPS only. */
      secure?: boolean;
      /** SameSite attribute; browsers require Secure alongside `'none'`. */
      sameSite?: 'strict' | 'lax' | 'none';
      /**
       * Cookie lifetime.
       * NOTE(review): the unit is not stated here. The Set-Cookie `Max-Age`
       * attribute is in seconds while some frameworks take milliseconds;
       * confirm before passing this through.
       */
      maxAge?: number;
      /** Path attribute limiting where the cookie is sent. */
      path?: string;
    };
  }[];
}
//# sourceMappingURL=types.d.ts.map