UNPKG

csrf-guard

Version:

Simple Anti-CSRF Token implementation for Express applications.

github.com/venomaze/csrf-guard

venomaze/csrf-guard

50 lines (43 loc) 1.29 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
const { SynchronizerPattern, HMACBasedPattern } = require('../src/lib/token'); /** * Synchronizer Token Pattern: using generator method directly */ (async () => { const secret = 'secret_key'; const token = await SynchronizerPattern.generateToken(); const signedToken = SynchronizerPattern.signToken(token, secret); const isValid = SynchronizerPattern.verifyToken(token, signedToken, secret); console.log( 'Synchronizer Token Pattern (direct):', token, signedToken, isValid ); })(); /** * Synchronizer Token Pattern: using getToken method */ (async () => { const secret = 'secret_key'; const { serverToken: token, clientToken: signedToken, } = await SynchronizerPattern.getToken(secret); const isValid = SynchronizerPattern.verifyToken(token, signedToken, secret); console.log( 'Synchronizer Token Pattern (get method):', token, signedToken, isValid ); })(); /** * HMAC Based Token Pattern */ (() => { const secret = 'secret_key'; const sid = 'random_session_id'; const token = HMACBasedPattern.generateToken(sid, secret); const isValid = HMACBasedPattern.verifyToken(token, sid, secret); console.log('HMAC Based Token Pattern:', token, isValid); })();