pillarjs / Csrf

Licence: mit
Logic behind CSRF token creation and verification.

CSRF

Logic behind CSRF token creation and verification.

Read Understanding-CSRF for more information on CSRF. Use this module to create custom CSRF middleware.

Looking for a CSRF framework for your favorite framework that uses this module?

Install

$ npm install csrf

TypeScript

This module includes a TypeScript declaration file to enable auto complete in compatible editors and type information for TypeScript projects.

API

var Tokens = require('csrf')

new Tokens([options])

Create a new token generation/verification instance. The options argument is optional; when it is omitted, all defaults are used.

Options

Tokens accepts these properties in the options object.

saltLength

The length of the internal salt to use, in characters. Internally, the salt is a base 62 string. Defaults to 8 characters.

secretLength

The length of the secret to generate, in bytes. Note that the secret is passed around base-64 encoded and that this length refers to the underlying bytes, not the length of the base-64 string. Defaults to 18 bytes.

tokens.create(secret)

Create a new CSRF token attached to the given secret. The secret is a string, typically generated from the tokens.secret() or tokens.secretSync() methods. Embed this token in your HTML <form> blocks and expect the user's browser to send it back with the request.

var secret = tokens.secretSync()
var token = tokens.create(secret)

tokens.secret(callback)

Asynchronously create a new secret, which is a string. The secret is to be kept on the server, typically stored in a server-side session for the user. Use at least one distinct secret per user.

tokens.secret(function (err, secret) {
  if (err) throw err
  // do something with the secret
})

tokens.secret()

Asynchronously create a new secret and return a Promise. Please see tokens.secret(callback) documentation for full details.

Note: To use promises in Node.js prior to 0.12, promises must be "polyfilled" using global.Promise = require('bluebird').

tokens.secret().then(function (secret) {
  // do something with the secret
})

tokens.secretSync()

A synchronous version of tokens.secret(callback). Please see tokens.secret(callback) documentation for full details.

var secret = tokens.secretSync()

tokens.verify(secret, token)

Check whether a CSRF token is valid for the given secret, returning a Boolean.

if (!tokens.verify(secret, token)) {
  throw new Error('invalid token!')
}
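
One way to build the custom middleware logic this README refers to, as an added example that is not part of the csrf project's code: a framework-agnostic guard that keeps one secret per session and verifies a token on state-changing requests. The session.csrfSecret property, the _csrf form field, the x-csrf-token header and the request shape are assumptions made for illustration.

```javascript
// Added example, not code from the csrf project. `tokens` is an instance
// created with `new Tokens()`; it is passed in so the guard stays testable.
// Hypothetical names: session.csrfSecret, body._csrf, 'x-csrf-token' header.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS'])

function createCsrfGuard (tokens) {
  // One secret per session, generated lazily and kept server-side only.
  function secretFor (session) {
    if (typeof session.csrfSecret !== 'string') {
      session.csrfSecret = tokens.secretSync()
    }
    return session.csrfSecret
  }

  return {
    // Token to embed in a hidden <form> field; never send the secret itself.
    issue (session) {
      return tokens.create(secretFor(session))
    },
    // Returns true when the request may proceed.
    check (req) {
      if (SAFE_METHODS.has(String(req.method).toUpperCase())) return true
      const secret = req.session && req.session.csrfSecret
      const token = (req.body && req.body._csrf) ||
        (req.headers && req.headers['x-csrf-token'])
      // A missing secret or a non-string token is rejected before verify().
      if (typeof secret !== 'string' || typeof token !== 'string') return false
      return tokens.verify(secret, token)
    }
  }
}

// Walks two constructed sessions through the guard and returns each decision.
// Usage: demo(new (require('csrf'))())
function demo (tokens) {
  const guard = createCsrfGuard(tokens)
  const sessionA = {}
  const sessionB = {}
  const tokenA = guard.issue(sessionA)
  guard.issue(sessionB) // gives session B its own, different secret
  return {
    formField: guard.check({ method: 'POST', session: sessionA, body: { _csrf: tokenA } }),
    header: guard.check({ method: 'DELETE', session: sessionA, headers: { 'x-csrf-token': tokenA } }),
    otherSession: guard.check({ method: 'POST', session: sessionB, body: { _csrf: tokenA } }),
    missingToken: guard.check({ method: 'POST', session: sessionA, body: {} }),
    safeMethod: guard.check({ method: 'GET', session: sessionA })
  }
}
```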

License

MIT
