Skip to content

daiwhea/csrf

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
test
test
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
HISTORY.md
HISTORY.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
example.js
example.js
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

Koa CSRF Build Status

CSRF tokens for koa.

Install

npm install koa-csrf

API

To install, do:

require('koa-csrf')(app, options)

Options

All options are passed to csrf-tokens.

this.csrf

Lazily creates a CSRF token. CSRF tokens change on every request.

app.use(function* () {
  this.render({
    csrf: this.csrf
  })
})

this.assertCSRF([body])

Check the CSRF token of a request with an optional body. Will throw if the CSRF token does not exist or is not valid.

app.use(function* () {
  var body = yield parse(this) // co-body or something
  try {
    this.assertCSRF(body)
  } catch (err) {
    this.status = 403
    this.body = {
      message: 'This CSRF token is invalid!'
    }
    return
  }
})

Middleware

koa-csrf also provide a koa middleware, it is similar to connect-csrf. in most situation, you only need:

var koa = require('koa')
var csrf = require('koa-csrf')
var session = require('koa-session')

var app = koa()
app.keys = ['session secret']
app.use(session())
csrf(app)
app.use(csrf.middleware)

app.use(function* () {
  if (this.method === 'GET') {
    this.body = this.csrf
  } else if (this.method === 'POST') {
    this.status = 204
  }
})

About

CSRF tokens for koa

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

9 tags

Packages

No packages published

Languages

  • JavaScript 100.0%