0.2.0 • Published 3 months ago

csrf-protection v0.2.0

Node CSRF Middleware

csrf-protection is a Node.js library that provides middleware functions for generating and validating CSRF tokens in web applications.

Installation

To install the library, use the following npm command:

npm install csrf-protection

Usage

Importing the Library

const csrf = require('csrf-protection');

CSRF Token Generation Middleware

This middleware generates a CSRF token and adds it to the response cookie. The token is also available in the res.locals.csrfToken variable for use in forms.

CSRF Token Control Middleware

This middleware checks the CSRF token in the request against the one stored in the cookie. If the tokens match, the request is allowed to proceed; otherwise, a 403 Forbidden response is sent.
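
The generate-and-compare flow described above, as an added example that is not csrf-protection's own code: a signed double-submit check built on Node's crypto module. The token layout, the binding to a session identifier and all function names are assumptions made for illustration.

```javascript
// Added example (not csrf-protection's source): signed double-submit cookie check.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Assumed token layout: <32 hex chars of nonce>.<HMAC-SHA256(secret, sessionId!nonce)>
function sign(secret, sessionId, nonce) {
  return createHmac('sha256', secret).update(`${sessionId}!${nonce}`).digest('hex');
}

// Generation side: the same value goes into the cookie and the hidden form field.
function issueToken(secret, sessionId) {
  const nonce = randomBytes(16).toString('hex');
  return `${nonce}.${sign(secret, sessionId, nonce)}`;
}

// Constant-time string comparison; timingSafeEqual throws on unequal lengths.
function safeEqual(a, b) {
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

// Control side: returns the HTTP status the middleware would send.
function checkRequest(secret, sessionId, cookieToken, bodyToken) {
  if (typeof cookieToken !== 'string' || typeof bodyToken !== 'string') return 403;
  if (!safeEqual(cookieToken, bodyToken)) return 403; // double-submit comparison
  const [nonce, mac] = cookieToken.split('.');
  if (!/^[0-9a-f]{32}$/.test(nonce) || typeof mac !== 'string') return 403;
  // A matching pair is not enough: the value must also carry our signature.
  return safeEqual(mac, sign(secret, sessionId, nonce)) ? 200 : 403;
}

// Constructed demo values.
const SECRET = randomBytes(32).toString('hex'); // generate or load from the environment
const token = issueToken(SECRET, 'session-A');
console.log(checkRequest(SECRET, 'session-A', token, token));     // 200
console.log(checkRequest(SECRET, 'session-A', token, undefined)); // 403
console.log(checkRequest(SECRET, 'session-A', 'x.y', 'x.y'));     // 403
console.log(checkRequest(SECRET, 'session-B', token, token));     // 403
```

The last two calls show what the secret is for: a cookie and form field that match each other are still rejected unless the value was signed by the server for that session.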

Configuration

Example

const express = require('express');
const csrf = require('csrf-protection');
const cookieParser = require('cookie-parser');
const app = express();

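app.use(express.urlencoded({ extended: true })); // Required: parses the form body that carries the _csrf field
app.use(cookieParser()); // Required: parses the cookie that holds the token

const csrff = csrf({
  secret: 'Hello World!' // Placeholder: replace with your own secret key and keep it out of source control
});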

app.get('/', csrff.csrfCreate, (req, res) => {
  const csrfToken = res.locals.csrfToken;

  console.log(csrfToken); // Demo only: avoid logging tokens in production
  
  res.send(`
    <html>
      <body>
        <h1>Example</h1>
        <form action="/submit" method="post">
          <input type="hidden" name="_csrf" value="${csrfToken}">
          <label for="username">User Name:</label>
          <input type="text" id="username" name="username">
          <button type="submit">Send</button>
        </form>
      </body>
    </html>
  `);
});

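// csrfCheck runs first; on a token mismatch it sends 403 Forbidden and this handler is never reached.
app.post('/submit', csrff.csrfCheck, (req, res) => {
  res.send('Hello World!');
});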

app.listen(3000, () => { console.log('Server is running on port 3000'); });

License

This project is licensed under the MIT License.

0.2.0: 3 months ago
0.1.1: 4 months ago
0.1.0: 4 months ago
0.0.5: 4 months ago
0.0.4: 4 months ago
0.0.3: 4 months ago
0.0.2: 4 months ago
0.0.1: 4 months ago