


Zexson Toolkit is a powerful encryption and tokenization library developed by Zexson Team. It offers proprietary encryption algorithms, high-security random token generation, and advanced object comparison features. It includes many advanced security func

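"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.csrfMiddleware = void 0;
const generator_1 = require("./generator");
/** Length, in characters, of every issued token; isCsrf() rejects any other length. */
const TOKEN_LENGTH = 30;
/** Default alphabet handed to tokenGenerator (digits plus upper/lower ASCII letters). */
const DEFAULT_CHARSET = '1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM';
/**
 * Token lifetime in milliseconds. The source carries `86400000` (24 h) in a
 * comment next to the live value `10000` (10 s); the 10 s value is kept
 * unchanged here — TODO confirm which lifetime is intended before relying on it.
 */
const TOKEN_TTL_MS = /* 86400000 */ 10000;
/**
 * Live tokens, process-local: `{ token: string, expiresAt: number }`.
 * Nothing here is shared across worker processes or hosts, so a token issued
 * by one instance is unknown to every other instance.
 */
let tokens = [];
/** Drops every entry whose expiry time has already passed. */
const pruneExpired = () => {
    const now = Date.now();
    tokens = tokens.filter(t => t.expiresAt > now);
};
/**
 * CSRF (Cross-Site Request Forgery) protection middleware for Express applications.
 * This middleware manages CSRF tokens for secure form submissions and API requests.
 *
 * The middleware adds three methods to the request object:
 * - `isCsrf()`: returns `true` when the `csrfToken` cookie names a live,
 *   unexpired token, otherwise `undefined`
 * - `createCsrf(charSet?)`: generates a new unique token, stores it, replaces
 *   any token the current cookie already named, and returns the new token
 * - `deleteCsrf()`: removes the token named by the current cookie; returns
 *   `true` if an entry was removed, otherwise `undefined`
 *
 * Tokens are stored in memory and expire after TOKEN_TTL_MS; a one-second
 * sweeper evicts expired entries. Token values are never written to the log:
 * a CSRF token is a secret, and log output is routinely shipped elsewhere.
 *
 * @param {any} req - Express request object; `req.cookies` is read if present
 *   (cookie-parser or equivalent must populate it for validation to succeed)
 * @param {any} res - Express response object (unused here)
 * @param {Function} next - Express next middleware function
 *
 * @example
 * // In your Express app setup
 * import { csrfMiddleware } from './middleware/csrf'
 * app.use(csrfMiddleware)
 *
 * // In your route handler
 * app.post('/form-submit', (req, res) => {
 *     if (!req.isCsrf()) {
 *         return res.status(403).send('Invalid CSRF token')
 *     }
 *     // ... process the request ...
 *     const newToken = req.createCsrf()
 *     res.cookie('csrfToken', newToken)
 *     res.send('Success')
 * })
 *
 * @since 1.1.3
 * @category Security
 */
const csrfMiddleware = (req, res, next) => {
    // cookie-parser may not be installed; a missing `cookies` object means "no token"
    // rather than a TypeError on every request.
    const cookies = req.cookies || {};
    const token = cookies.csrfToken;
    // `undefined` (not `false`) on failure keeps the original return contract.
    const isCsrf = () => {
        if (typeof token !== 'string' || token.length !== TOKEN_LENGTH) {
            return undefined;
        }
        const now = Date.now();
        // NOTE(review): `===` is not a constant-time comparison; the in-memory
        // lookup is small, but a timingSafeEqual-style compare would be stricter.
        const live = tokens.find(t => t.token === token && t.expiresAt > now);
        return live !== undefined ? true : undefined;
    };
    const deleteCsrf = () => {
        // Filter on the captured `token`, not a re-read of req.cookies, so the
        // lookup and the removal always refer to the same value.
        const before = tokens.length;
        tokens = tokens.filter(t => t.token !== token);
        return tokens.length < before ? true : undefined;
    };
    const createCsrf = (charSet = DEFAULT_CHARSET) => {
        // Whatever the current cookie names is superseded: one live token per client.
        tokens = tokens.filter(t => t.token !== token);
        let newToken;
        do {
            newToken = (0, generator_1.tokenGenerator)(TOKEN_LENGTH, charSet);
        } while (tokens.some(t => t.token === newToken)); // retry until unique
        tokens.push({ token: newToken, expiresAt: Date.now() + TOKEN_TTL_MS });
        return newToken;
    };
    req.isCsrf = isCsrf;
    req.createCsrf = createCsrf;
    req.deleteCsrf = deleteCsrf;
    next();
};
exports.csrfMiddleware = csrfMiddleware;
// Sweeper. The original compared each entry against itself (`t.token != t.token`,
// the inner arrow shadowed `t`), which is always false and therefore emptied the
// whole list as soon as any single token expired; pruneExpired() evicts only
// expired entries. unref() lets the host process exit when nothing else is pending.
const sweeper = setInterval(pruneExpired, 1000);
if (typeof sweeper.unref === 'function') {
    sweeper.unref();
}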