secure-express-setup/lib/csrf.js

Military-grade one-command security setup for Express.js applications

// lib/csrf.js
const { doubleCsrf } = require("edge-csrf");

module.exports = function setupCsrf(app) {
  const csrf = doubleCsrf({
    getSecret: () => process.env.CSRF_SECRET || "dev-secret",
    cookieName: "csrf-token",
    cookieOptions: {
      httpOnly: true,
      secure: false,
      sameSite: "strict"
    }
  });

  // Expose generate token
  app.use((req, res, next) => {
    res.locals.csrfToken = csrf.generateToken(req, res);
    next();
  });

  return csrf; // Return the csrf object, not just validateRequest
};