UNPKG

next-auth

Version:

Authentication for Next.js

next-auth.js.org

nextauthjs/next-auth

36 lines (31 loc) 916 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.createCSRFToken = createCSRFToken; var _crypto = require("crypto"); function createCSRFToken({ options, cookieValue, isPost, bodyValue }) { if (cookieValue) { const [csrfToken, csrfTokenHash] = cookieValue.split("|"); const expectedCsrfTokenHash = (0, _crypto.createHash)("sha256").update(`${csrfToken}${options.secret}`).digest("hex"); if (csrfTokenHash === expectedCsrfTokenHash) { const csrfTokenVerified = isPost && csrfToken === bodyValue; return { csrfTokenVerified, csrfToken }; } } const csrfToken = (0, _crypto.randomBytes)(32).toString("hex"); const csrfTokenHash = (0, _crypto.createHash)("sha256").update(`${csrfToken}${options.secret}`).digest("hex"); const cookie = `${csrfToken}|${csrfTokenHash}`; return { cookie, csrfToken }; }