Koa CSRF
CSRF tokens for koa.
Install
npm install koa-csrf
API
To install, do:
require('koa-csrf')(app, options)
Options
All options are passed to csrf-tokens.
this.csrf
Lazily creates a CSRF token. CSRF tokens change on every request. Returns null if session is invalid.
app.use(function* () {
  this.render({
    csrf: this.csrf
  })
})
this.assertCSRF([body])
Check the CSRF token of a request with an optional body. Will throw if the CSRF token does not exist or is not valid.
var parse = require('co-body')

app.use(function* () {
  var body = yield parse(this) // co-body or something
  try {
    // throws if the token is missing or does not match the session
    this.assertCSRF(body)
  } catch (err) {
    this.status = 403
    this.body = {
      message: 'This CSRF token is invalid!'
    }
    return
  }
})
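Why a token can change on every request and still pass a later check: a sketch that keeps one secret in the session and derives each token from a fresh salt. This is an added example, not code from koa-csrf or csrf-tokens; createToken, assertToken, rejects, the _csrf field name and the HMAC construction are assumptions made for illustration.

```javascript
var crypto = require('crypto')

// Hypothetical helpers. `session` is any per-user object, such as this.session.
function hmac(secret, salt) {
  return crypto.createHmac('sha256', secret).update(salt).digest('hex')
}

// Plays the role of this.csrf: null without a session, otherwise a fresh token.
function createToken(session) {
  if (!session) return null
  // The secret is created once, stays server-side in the session,
  // and is never written into the page.
  if (!session.secret) session.secret = crypto.randomBytes(18).toString('hex')
  // A new random salt per call is what makes every token different.
  var salt = crypto.randomBytes(8).toString('hex')
  return salt + '.' + hmac(session.secret, salt)
}

// Plays the role of this.assertCSRF(body): throws if the token is
// missing or was not derived from this session's secret.
function assertToken(session, body) {
  var token = body && body._csrf // field name is an assumption
  if (!session || !session.secret) throw new Error('invalid session')
  if (typeof token !== 'string') throw new Error('missing csrf token')
  var i = token.indexOf('.')
  if (i === -1) throw new Error('invalid csrf token')
  var expected = Buffer.from(hmac(session.secret, token.slice(0, i)))
  var actual = Buffer.from(token.slice(i + 1))
  // timingSafeEqual requires equal lengths, so check that first.
  if (actual.length !== expected.length ||
      !crypto.timingSafeEqual(actual, expected)) {
    throw new Error('invalid csrf token')
  }
}

// Convenience wrapper: true when assertToken throws.
function rejects(session, body) {
  try {
    assertToken(session, body)
    return false
  } catch (err) {
    return true
  }
}
```

Because validation depends only on the session secret, a token issued to one session fails against any other session, while every token issued within a session remains valid.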
Middleware
koa-csrf also provides a koa middleware, similar to connect-csrf.
In most situations, you only need:
var koa = require('koa')
var csrf = require('koa-csrf')
var session = require('koa-session')

var app = koa()
app.keys = ['session secret']
session(app)
app.use(csrf())

app.use(function* () {
  if (this.method === 'GET') {
    this.body = this.csrf
  } else if (this.method === 'POST') {
    this.status = 204
  }
})