uncsrf/dist/csrf.node.cjs

Single API for CSRF functions, working in Node.js, Browsers and other runtimes

'use strict';

const node_crypto = require('node:crypto');

const defaultEncryptAlgorithm = "aes-256-cbc";
const importEncryptSecret = (secret, _encryptAlgorithm) => {
  return Promise.resolve(Buffer.from(secret ?? randomEncryptSecret()));
};
const create = (secret, encryptSecret, encryptAlgorithm) => {
  const iv = node_crypto.randomBytes(16);
  const cipher = node_crypto.createCipheriv(
    encryptAlgorithm || defaultEncryptAlgorithm,
    Buffer.from(encryptSecret),
    iv
  );
  const encrypted = cipher.update(secret, "utf8", "base64") + cipher.final("base64");
  return Promise.resolve(`${iv.toString("base64")}:${encrypted}`);
};
const verify = (secret, token, encryptSecret, encryptAlgorithm) => {
  const [iv, encrypted] = token.split(":");
  if (!iv || !encrypted) {
    return Promise.resolve(false);
  }
  let decrypted;
  try {
    const decipher = node_crypto.createDecipheriv(
      encryptAlgorithm || defaultEncryptAlgorithm,
      Buffer.from(encryptSecret),
      Buffer.from(iv, "base64")
    );
    decrypted = decipher.update(encrypted, "base64", "utf8") + decipher.final("utf8");
  } catch {
    return Promise.resolve(false);
  }
  return Promise.resolve(decrypted === secret);
};
const randomSecret = () => node_crypto.randomUUID();
const randomEncryptSecret = () => node_crypto.randomBytes(22).toString("base64");

exports.create = create;
exports.defaultEncryptAlgorithm = defaultEncryptAlgorithm;
exports.importEncryptSecret = importEncryptSecret;
exports.randomEncryptSecret = randomEncryptSecret;
exports.randomSecret = randomSecret;
exports.verify = verify;