aimless-sdk
Enhanced Runtime Application Self-Protection (RASP) and API Fuzzing Engine with advanced threat detection, behavioral analysis, and intelligent response scoring for Node.js applications
import { SecurityThreat } from '../types';
/**
 * Type declaration for the CSRF detector: issues and validates CSRF tokens
 * keyed by session id, and keeps an allowlist of trusted origins that
 * request checks can be compared against.
 *
 * This is a declaration only; no implementation is visible here. The
 * security properties named in the member comments (cryptographically
 * secure tokens, timing-safe comparison, expiry and cleanup) are the
 * package's stated intent and should be confirmed against the compiled
 * source before they are relied on.
 *
 * NOTE(review): token state appears to live on the instance (`tokenStore`),
 * which would make it per-process. Confirm how validation behaves across
 * several server instances or after a restart.
 *
 * TypeScript `private` is enforced by the type checker only, so the members
 * marked private below are not hidden from other code at runtime.
 */
export declare class CSRFDetector {
/** Origin allowlist. Presumably seeded from the constructor argument; confirm. */
private trustedOrigins;
/** Token storage; its shape is not visible in this declaration. */
private tokenStore;
/** Presumably the lifetime used when `generateToken` gets no `expiryMs`; confirm the value. */
private readonly defaultExpiry;
/** Presumably the period of the expired-token sweep; confirm the value. */
private readonly cleanupInterval;
/** Handle of the cleanup timer, if one is running (see `destroy`). */
private cleanupTimer?;
/**
 * @param trustedOrigins Optional list of origins to treat as trusted.
 * NOTE(review): the declaration does not show what an omitted or empty
 * list means. Confirm that it does not relax origin checking.
 */
constructor(trustedOrigins?: string[]);
/**
 * Auto-cleanup expired tokens
 */
private startCleanup;
/**
 * Clean up expired tokens to prevent memory leaks
 */
private cleanupExpiredTokens;
/**
 * Stop cleanup timer (call when shutting down).
 * Each instance should be destroyed when it is no longer needed, so that
 * its timer does not outlive it.
 */
destroy(): void;
/**
 * Generate a cryptographically secure CSRF token.
 *
 * @param sessionId Session the token is issued for.
 * @param expiryMs Optional lifetime in milliseconds.
 * @returns The token as a string.
 *
 * NOTE(review): the randomness source is not visible here. Confirm that
 * the implementation draws from a CSPRNG. Tokens are addressed by
 * `sessionId` throughout this class, so it looks like one live token per
 * session; confirm whether a second call replaces the first token.
 */
generateToken(sessionId: string, expiryMs?: number): string;
/**
 * Validate CSRF token with one-time use option.
 *
 * @param sessionId Session the token was issued for.
 * @param token Token received with the request (untrusted input).
 * @param oneTimeUse Whether a successful validation consumes the token.
 * @returns `true` when the token is accepted; treat any other result as a
 * rejection of the request.
 *
 * NOTE(review): the default of `oneTimeUse` is not visible in this
 * declaration. Pass it explicitly rather than depending on the default.
 */
validateToken(sessionId: string, token: string, oneTimeUse?: boolean): boolean;
/**
 * Timing-safe comparison to prevent timing attacks.
 * NOTE(review): implementation not visible; confirm that it does not
 * return early on a length or prefix mismatch.
 */
private timingSafeEqual;
/**
 * Enhanced CSRF detection with better origin validation.
 *
 * Every argument except `method` may be `undefined`, and all of them come
 * from the incoming request, so they are attacker-controlled.
 *
 * @param method HTTP method of the request.
 * @param origin Value of the Origin header, if present.
 * @param referer Value of the Referer header, if present.
 * @param csrfToken Token supplied with the request, if any.
 * @param sessionId Session id of the request, if any.
 * @param cookies Optional cookie map; its use is not visible here.
 * @returns A `SecurityThreat`, or `null`.
 *
 * NOTE(review): presumably `null` means that no CSRF threat was found.
 * Confirm which methods are checked, and that a request missing both
 * Origin and Referer is not treated as safe by default.
 */
detect(method: string, origin: string | undefined, referer: string | undefined, csrfToken: string | undefined, sessionId: string | undefined, cookies?: Record<string, string>): SecurityThreat | null;
/**
 * Check if origin is trusted.
 * NOTE(review): the matching rule (exact, prefix, wildcard) is not visible.
 * Exact comparison of scheme, host and port is the safe behaviour to
 * confirm.
 */
private isTrustedOrigin;
/**
 * Add a trusted origin.
 * This widens the allowlist at runtime; the value should come from
 * configuration and never from request data.
 */
addTrustedOrigin(origin: string): void;
/**
 * Remove a trusted origin
 */
removeTrustedOrigin(origin: string): void;
/**
 * Get all trusted origins.
 * NOTE(review): whether this returns a copy or the internal array is not
 * visible here. Callers should not mutate the result.
 */
getTrustedOrigins(): string[];
/**
 * Revoke a specific token.
 *
 * @param sessionId Session whose token is revoked.
 * @returns A boolean; presumably whether a token existed for the session.
 *
 * Calling this at logout and on session id rotation keeps a token from
 * remaining valid after its session has ended.
 */
revokeToken(sessionId: string): boolean;
/**
 * Get token info (for debugging/monitoring).
 *
 * The declared result has no field for the token value, only its state.
 * That state is still per-session information and belongs in server-side
 * logs or metrics, not in responses to clients.
 */
getTokenInfo(sessionId: string): {
valid: boolean;
expiresIn?: number;
used?: boolean;
};
}
//# sourceMappingURL=csrf-detector.d.ts.map