Skip to content

koa-csrf

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History
 
 

koa-csrf

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
node_modules/csrf
node_modules/csrf
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 

README.md

Koa CSRF

NPM version Build status Test coverage Dependency Status License Downloads Gittip

CSRF tokens for koa.

Install

npm install koa-csrf

API

To install, do:

require('koa-csrf')(app, options)

Options

All options are passed to csrf-tokens.

this.csrf

Lazily creates a CSRF token. CSRF tokens change on every request.

app.use(function* () {
  this.render({
    csrf: this.csrf
  })
})

this.assertCSRF([body])

Check the CSRF token of a request with an optional body. Will throw if the CSRF token does not exist or is not valid.

app.use(function* () {
  var body = yield parse(this) // co-body or something
  try {
    this.assertCSRF(body)
  } catch (err) {
    this.status = 403
    this.body = {
      message: 'This CSRF token is invalid!'
    }
    return
  }
})

Middleware

koa-csrf also provide a koa middleware, it is similar to connect-csrf. in most situation, you only need:

var koa = require('koa')
var csrf = require('koa-csrf')
var session = require('koa-session')

var app = koa()
app.keys = ['session secret']
app.use(session())
csrf(app)
app.use(csrf.middleware)

app.use(function* () {
  if (this.method === 'GET') {
    this.body = this.csrf
  } else if (this.method === 'POST') {
    this.status = 204
  }
})