@mashroom/mashroom-csrf-protection v2.7.1 • Published 1 year ago

Weekly downloads: 20
License: MIT
Repository: github
Last release: 1 year ago

Mashroom CSRF Protection

Plugin for Mashroom Server, a Microfrontend Integration Platform.

Once this plugin is added, every request that uses a state-changing HTTP method (such as POST, PUT or DELETE) must carry a CSRF token that is generated automatically for the session. Otherwise, the request is rejected.

There are two ways to pass the token:

  • As HTTP header X-CSRF-Token
  • As query parameter csrfToken

You can use the MashroomCSRFService to get the current token.

Mashroom Portal automatically uses this plugin to secure all requests if available.

Usage

If node_modules/@mashroom is configured as a plugin path, just add @mashroom/mashroom-csrf-protection as a dependency.

After that you can use the service like this:

import type {MashroomCSRFService} from '@mashroom/mashroom-csrf-protection/type-definitions';

export default (req: Request, res: Response) => {

    // The service is exposed on the plugin context under services.csrf.service
    const csrfService: MashroomCSRFService = req.pluginContext.services.csrf.service;
    // Token for the current session; hand it to the client for the X-CSRF-Token header or csrfToken query parameter
    const token = csrfService.getCSRFToken(req);

    // ...
}

You can override the default config in your Mashroom config file like this:

{
    "plugins": {
        "Mashroom CSRF Middleware": {
            "safeMethods": ["GET", "HEAD", "OPTIONS"]
        },
        "Mashroom CSRF Services": {
            "saltLength": 8,
            "secretLength": 18
        }
    }
}
  • safeMethods: List of HTTP methods that require no CSRF token check (Default: "GET", "HEAD", "OPTIONS").
  • saltLength and secretLength are passed to the csrf package.

Services

MashroomCSRFService

The exposed service is accessible through pluginContext.services.csrf.service.

Interface:

export interface MashroomCSRFService {

    /**
     * Get the current CSRF token for this session
     */
    getCSRFToken(request: Request): string;

    /**
     * Check if the given token is valid
     */
    isValidCSRFToken(request: Request, token: string): boolean;
}