
malibu


Framework-agnostic CSRF middleware

/// <reference types="node" />
import { IncomingMessage, ServerResponse } from 'http';
import { ParsedUrlQuery } from 'querystring';
import { SerializeOptions } from '@tinyhttp/cookie';

/** HTTP verbs accepted by `CSRFOptions.ignoreMethod`. */
type HTTPMethod =
  | 'GET'
  | 'POST'
  | 'PUT'
  | 'DELETE'
  | 'PATCH'
  | 'OPTIONS'
  | 'HEAD'
  | 'TRACE';

/** Allowed values for `CSRFOptions.middleware`. */
type MiddlewareOptions = 'session' | 'cookie';

/**
 * Cookie settings: everything in SerializeOptions from @tinyhttp/cookie plus
 * the three optional fields below.
 *
 * NOTE(review): the inherited attributes are declared in @tinyhttp/cookie and
 * are not visible in this file; when reviewing a deployment, check which
 * transport-related attributes (for example Secure and SameSite) are set.
 */
export type CookieOptions = SerializeOptions & {
  // NOTE(review): presumably makes the middleware read `signedCookies`
  // instead of `cookies`, which would need a cookie parser configured with a
  // signing secret; confirm against the README.
  signed?: boolean;
  // NOTE(review): presumably the cookie name; confirm against the README.
  key?: string;
  path?: string;
};

/**
 * Request shape the middleware works with: a Node `IncomingMessage` plus
 * `csrfToken()` and a set of optional, loosely typed fields.
 *
 * NOTE(review): the optional fields look like the slots that cookie, session,
 * query and body parsers fill in earlier in the chain; confirm against the
 * README. They are typed `any`, so handlers get no compile-time help and must
 * validate whatever they read from them.
 */
export interface CSRFRequest extends IncomingMessage {
  /** Returns a token string; the usage example on `csrf` sends it to the client. */
  csrfToken(): string;
  // NOTE(review): presumably the secret material tokens are derived from;
  // if so, keep it out of logs and responses.
  secret?: string | string[];
  signedCookies?: any;
  cookies?: any;
  query?: ParsedUrlQuery;
  body?: any;
}

/**
 * Configuration accepted by `csrf`. Every field is optional; defaults are not
 * declared here, so refer to the README for them.
 */
export interface CSRFOptions {
  // NOTE(review): presumably selects where the per-client secret is stored
  // (session vs. cookie); confirm against the README.
  middleware?: MiddlewareOptions;
  cookie?: CookieOptions;
  // NOTE(review): presumably the request property that holds the session.
  sessionKey?: string;
  /**
   * Custom function that receives the request and returns a value.
   *
   * NOTE(review): presumably this is how the token submitted by the client is
   * located. The return type is `any`, so nothing here guarantees a string.
   * A lookup that reads the token from a header or the body keeps it out of
   * URLs, which tend to end up in access logs and Referer headers.
   */
  value?: (req: CSRFRequest | IncomingMessage) => any;
  // NOTE(review): presumably the methods for which token verification is
  // skipped. If so, list only methods whose handlers never change state.
  ignoreMethod?: Array<HTTPMethod>;
  // NOTE(review): presumably the sizes of the salt and the secret used to
  // build tokens; units and defaults are not visible here. Lowering either
  // would make the corresponding value easier to guess.
  saltLength?: number;
  secretLength?: number;
}

/**
 * Creates the CSRF (Cross-Site Request Forgery) protection middleware.
 *
 * As the example shows, a cookie parser or a session middleware is expected
 * to be registered on the app as well.
 *
 * @param opts Optional configuration, see `CSRFOptions`.
 * @returns A middleware function taking `(req, res, next)`.
 * @example
 * const csrfProtection = csrf()
 * app.use(cookieParser()) // or a session middleware, if you prefer
 *
 * app.get("/", csrfProtection, (req, res) => {
 *   res.status(200).json({ token: req.csrfToken() });
 * });
 */
export declare function csrf(opts?: CSRFOptions): (req: CSRFRequest, res: ServerResponse, next: () => void) => void;

export {};