1.1.0 • Published 6 years ago
csrf-token v1.1.0
CSRF Token
Create and verify csrf tokens
Functions
const csrf = require('csrf-token')
create(secret [, saltLength , callback])
create(secret: string, saltLength?: number): Promise<string>
create(secret: string, saltLength: number, callback: (error: Error, token: string) => void): void
create(secret: string, callback: (error: Error, token: string) => void): void
secret
The secret to encrypt.saltLength
The length of the generated salt. Default:8
callback
A function with the generated token.- Returns void if callback is specified otherwise returns a promise with the generated token.
Create a CSRF token asynchronously.
csrf.create('I like CSRF it makes me feel whole').then(token => {
console.log(`Look at my fancy CSRF token '${token}'`)
})
csrf.create('I want to make my app safer', (err, token) => {
if (err) console.error(err)
else console.log(`Hey I got this from a promise '${token}'`)
})
createSync(secret, saltLength)
createSync(secret: string, saltLength?: number): string
secret
The secret to encrypt.saltLength
The length of the generated salt. Default:8
- Returns the generated token.
Create a CSRF token synchronously.
const token = csrf.createSync('I like secure forms')
console.log(`I am running out of ideas but here is a token '${token}'`)
verify(secret, token , callback)
verify(secret: string, token: string): Promise<boolean>
verify(secret: string, token: string, callback: (matches: boolean) => void): void
secret
The secret that was supposadly encrypted.token
The token that hopefully is the secret in a encrypted form.callback
A function with the result of the verification.- Returns void if callback is specified otherwise returns a promise with the result of the verification.
Verify CSRF token asynchronously.
csrf.verify(secret, token, (matches) => {
if (matches) console.log('They match!')
else console.log('They don\'t they match?')
})
csrf.verify(secret, token).then((matches) => {
if (matches) console.log('Yes!')
else console.log('What?!')
})
verifySync(secret, token)
verifySync(secret: string, token: string): boolean
secret
The secret that was supposadly encrypted.token
The token that hopefully is the secret in a encrypted form.- Returns a boolean if the match or not.
Verify CSRF token synchronously.
const matches = csrf.verifySync(secret, token)
if (matches) console.log('Ooooo yeah!')
else console.log('B-b-but why? ;-;')