0.2.0 • Published 3 months ago
csrf-protection v0.2.0
Node CSRF Middleware
csrf-protection is a Node.js library that provides middleware functions for generating and validating CSRF tokens in web applications.
Installation
To install the library, use the following npm command:
npm install csrf-protection
Usage
Importing the Library
const csrf = require('csrf-protection');
CSRF Token Generation Middleware
This middleware generates a CSRF token and adds it to the response cookie. The token is also available in the res.locals.csrfToken variable for use in forms.
CSRF Token Control Middleware
This middleware checks the CSRF token in the request against the one stored in the cookie. If the tokens match, the request is allowed to proceed; otherwise, a 403 Forbidden response is sent.
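The generation and control middleware described above amount to a double-submit cookie check. The sketch below is an added example, not csrf-protection's own code: it shows one way such a pair can be built with an HMAC over a random nonce and a constant-time comparison. The cookie name csrf_token, the makeCsrf factory and the "nonce.hmac" token layout are assumptions; the _csrf field and res.locals.csrfToken come from this page.

```javascript
const crypto = require('crypto');

const COOKIE = 'csrf_token'; // assumed cookie name, not taken from csrf-protection

// Assumed token layout: "<nonce>.<hmac-sha256(secret, nonce)>", both hex.
const sign = (secret, nonce) =>
  crypto.createHmac('sha256', secret).update(nonce).digest('hex');

// Constant-time comparison; timingSafeEqual throws on unequal lengths.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

function verifyToken(secret, cookieToken, formToken) {
  if (typeof cookieToken !== 'string' || typeof formToken !== 'string') return false;
  if (!safeEqual(cookieToken, formToken)) return false; // double-submit match
  const parts = cookieToken.split('.');
  if (parts.length !== 2 || !parts[0]) return false;
  return safeEqual(parts[1], sign(secret, parts[0])); // issued with our secret
}

// Hypothetical factory mirroring the csrfCreate / csrfCheck names on this page.
function makeCsrf({ secret }) {
  return {
    csrfCreate(req, res, next) {
      const nonce = crypto.randomBytes(32).toString('hex');
      const token = `${nonce}.${sign(secret, nonce)}`;
      // Add secure: true when the site is served over HTTPS.
      res.cookie(COOKIE, token, { httpOnly: true, sameSite: 'lax' });
      res.locals.csrfToken = token; // rendered into the hidden _csrf field
      next();
    },
    csrfCheck(req, res, next) {
      const cookieToken = req.cookies && req.cookies[COOKIE];
      const formToken = req.body && req.body._csrf;
      if (verifyToken(secret, cookieToken, formToken)) return next();
      res.status(403).send('Forbidden');
    },
  };
}
```

The HMAC shows only that the server issued the token; including a session identifier in the signed data is what ties a token to one user.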
Configuration
Example
const express = require('express');
const csrf = require('csrf-protection');
const cookieParser = require('cookie-parser');

const app = express();
app.use(express.urlencoded({ extended: true })); // Required: parses the form body
app.use(cookieParser()); // Required: parses the token cookie

const csrff = csrf({
  secret: 'Hello World!' // Your secret key; in production use a long random value kept out of source control
});

// Issue a token and embed it in the form as a hidden field
app.get('/', csrff.csrfCreate, (req, res) => {
  const csrfToken = res.locals.csrfToken;
  console.log(csrfToken); // Demo only; avoid logging tokens in production
  res.send(`
    <html>
      <body>
        <h1>Example</h1>
        <form action="/submit" method="post">
          <input type="hidden" name="_csrf" value="${csrfToken}">
          <label for="username">User Name:</label>
          <input type="text" id="username" name="username">
          <button type="submit">Send</button>
        </form>
      </body>
    </html>
  `);
});

// csrfCheck answers with 403 Forbidden before this handler runs if the tokens do not match
app.post('/submit', csrff.csrfCheck, (req, res) => {
  res.send(`Hello World!`);
});

app.listen(3000, () => { console.log('Server is running on port 3000'); });
License
This project is licensed under the MIT License.