5.0.1 • Published 2 years ago
koa-csrf v5.0.1
koa-csrf
CSRF tokens for Koa
NOTE: As of v5.0.0+ `ctx.csrf`, `ctx_csrf`, and `ctx.response.csrf` are removed – instead use `ctx.state._csrf`. Furthermore we have dropped `invalidTokenMessage` and `invalidTokenStatusCode` in favor of an `errorHandler` function option.
Install
npm:

```sh
npm install koa-csrf
```
Usage
Add middleware in Koa app (see options below):
```js
const Koa = require('koa');
const bodyParser = require('koa-bodyparser');
const session = require('koa-generic-session');
const convert = require('koa-convert');
const CSRF = require('koa-csrf');

const app = new Koa();

// set the session keys
app.keys = [ 'a', 'b' ];

// add session support
app.use(convert(session()));

// add body parsing
app.use(bodyParser());

// add the CSRF middleware
app.use(new CSRF());

// your middleware here (e.g. parse a form submit)
app.use((ctx, next) => {
  if (![ 'GET', 'POST' ].includes(ctx.method)) return next();
  if (ctx.method === 'GET') {
    ctx.body = ctx.state._csrf;
    return;
  }
  ctx.body = 'OK';
});

app.listen();
```
Add the CSRF token in your template forms:
Jade Template:
```jade
form(action='/register', method='POST')
  input(type='hidden', name='_csrf', value=_csrf)
  input(type='email', name='email', placeholder='Email')
  input(type='password', name='password', placeholder='Password')
  button(type='submit') Register
```
EJS Template:
```html
<form action="/register" method="POST">
  <input type="hidden" name="_csrf" value="<%= _csrf %>" />
  <input type="email" name="email" placeholder="Email" />
  <input type="password" name="password" placeholder="Password" />
  <button type="submit">Register</button>
</form>
```
Options
- `errorHandler` (Function) - defaults to a function that returns `ctx.throw(403, 'Invalid CSRF token')`
- `excludedMethods` (Array) - defaults to `[ 'GET', 'HEAD', 'OPTIONS' ]`
- `disableQuery` (Boolean) - defaults to `false`
- `ignoredPathGlobs` (Array) - defaults to an empty Array, but you can pass an Array of glob paths to ignore
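The options above combined into one hardened configuration, with an `errorHandler` that records each rejection before returning the same 403 as the default. This is an added example, not code from the koa-csrf project: `buildCsrfOptions`, `logEvent`, `fakeCtx`, `demo` and the event field names are hypothetical, and it assumes `disableQuery: true` stops the middleware from accepting a token in the query string.

```javascript
// Added example: builds a koa-csrf v5 options object. buildCsrfOptions,
// logEvent and the event field names are hypothetical, not part of koa-csrf.
function buildCsrfOptions(logEvent) {
  return {
    // Documented default: only state-changing methods are checked.
    excludedMethods: ['GET', 'HEAD', 'OPTIONS'],
    // Assumption: true stops the token being read from the query string,
    // keeping it out of URLs (access logs, Referer headers, history).
    disableQuery: true,
    // Nothing exempt; every glob added here is a route without CSRF checks.
    ignoredPathGlobs: [],
    // Replaces the removed invalidTokenMessage / invalidTokenStatusCode.
    errorHandler(ctx) {
      // Log what was rejected, never the submitted token itself.
      logEvent({
        event: 'csrf_rejected',
        method: ctx.method,
        path: ctx.path,
        ip: ctx.ip,
        origin: ctx.get('Origin') || null,
        referer: ctx.get('Referer') || null
      });
      return ctx.throw(403, 'Invalid CSRF token');
    }
  };
}
// Constructed stand-in for a Koa context, to exercise the handler offline.
function fakeCtx(headers) {
  return {
    method: 'POST',
    path: '/register',
    ip: '203.0.113.7',
    get: (name) => headers[name.toLowerCase()] || '',
    throw(status, message) {
      throw Object.assign(new Error(message), { status });
    }
  };
}
// Runs the handler on the constructed context and returns what happened.
function demo() {
  const events = [];
  const options = buildCsrfOptions((e) => events.push(e));
  try {
    options.errorHandler(fakeCtx({ origin: 'https://other.example' }));
  } catch (err) {
    return { status: err.status, message: err.message, event: events[0], options };
  }
  return null;
}
```

In the app from the Usage section this would be wired in as `app.use(new CSRF(buildCsrfOptions(console.warn)))`.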
Contributors
Name | Website |
---|---|
Nick Baugh | https://github.com/niftylettuce |
Imed Jaberi | https://www.3imed-jaberi.com/ |
License