SDK for integrating your ExpressJS application with Wristband. Handles user authentication, session management, and token management.

import { Request, Response } from 'express';
import { AuthMiddlewareConfig, NormalizedAuthMiddlewareConfig, AuthFailureReason } from '../types';

/**
 * Normalizes authentication middleware configuration by applying default values for optional fields.
 *
 * @param config - User-provided middleware configuration with nested strategy configs
 * @returns Normalized configuration with all strategy configs in nested objects and defaults applied
 * @throws {TypeError} If configuration validation fails
 *
 * @example
 * ```typescript
 * const normalized = normalizeAuthMiddlewareConfig({
 *   authStrategies: ['SESSION'],
 *   sessionConfig: {
 *     sessionOptions: { secrets: 'my-secret', enableCsrfProtection: true },
 *   },
 * });
 * // Returns config with sessionConfig and jwtConfig objects, all defaults applied
 * ```
 */
export declare function normalizeAuthMiddlewareConfig(config: AuthMiddlewareConfig): NormalizedAuthMiddlewareConfig;

/**
 * Validates the CSRF token for API requests to prevent cross-site request forgery attacks.
 *
 * Compares the CSRF token stored in the session against the token provided in the
 * request header. Both must exist and match exactly for validation to pass.
 *
 * NOTE(review): this declaration file cannot show how the comparison is performed.
 * Plain string equality short-circuits at the first mismatching character, so confirm
 * the implementation uses a constant-time comparison (e.g. `crypto.timingSafeEqual`
 * on equal-length buffers) before treating the result as a security control.
 *
 * @param req - The Request object containing headers
 * @param csrfToken - The CSRF token stored in the session (from session.csrfToken);
 *   `undefined` when no token has been issued yet, which fails validation
 * @param csrfHeaderName - The header name to check for the token. This signature
 *   requires it; the 'X-CSRF-TOKEN' default presumably comes from the normalized
 *   middleware config — verify against the caller
 * @returns True if the CSRF token is valid, false otherwise
 *
 * @example
 * ```typescript
 * const isValid = isValidCsrf(req, session.csrfToken, 'X-CSRF-TOKEN');
 * if (!isValid) {
 *   res.sendStatus(403);
 *   return;
 * }
 * ```
 */
export declare function isValidCsrf(req: Request, csrfToken: string | undefined, csrfHeaderName: string): boolean;

/**
 * Sends appropriate error response based on failure reason.
 *
 * The mapping from each failure reason to a status code and body is not visible
 * from this declaration; see the implementation before relying on a specific code.
 *
 * @param res - The Express Response the error response is written to
 * @param reason - The authentication failure reason that selects which response is sent
 * @returns Nothing; the response is written as a side effect
 */
export declare function sendAuthFailureResponse(res: Response, reason: AuthFailureReason): void;