feat: add support for ctx.state.csrf (backwards compatible), moderniz…

…e repo, require node >=14
koajs · Jul 1, 2022 · 4b41239 · 4b41239
1 parent 3d5a2dc
commit 4b41239
Show file tree

Hide file tree

Showing 21 changed files with 244 additions and 8,913 deletions.
diff --git a/.commitlintrc.js b/.commitlintrc.js
@@ -0,0 +1,3 @@
+module.exports = {
+  extends: ['@commitlint/config-conventional']
+};
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
diff --git a/.eslintignore b/.eslintignore
@@ -0,0 +1 @@
+!.*.js
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1 @@
+* text=auto eol=lf
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,26 @@
+name: CI
+on:
+  - push
+  - pull_request
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os:
+          - ubuntu-latest
+        node_version:
+          - 14
+          - 16
+          - 18
+    name: Node ${{ matrix.node_version }} on ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup node
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node_version }}
+      - name: Install dependencies
+        run: npm install
+      - name: Run tests
+        run: npm run test
diff --git a/.gitignore b/.gitignore
@@ -1,23 +1,15 @@
-#       OS        #
-###################
 .DS_Store
+*.log
 .idea
-Thumbs.db
-tmp/
-temp/
-
-
-#     Node.js     #
-###################
 node_modules
+coverage
+.nyc_output
+locales/
 package-lock.json
-npm-debug.log
-yarn-debug.log
-yarn-error.log
+yarn.lock
 
-
-#       NYC       #
-###################
-coverage
+Thumbs.db
+tmp/
+temp/
 *.lcov
-.nyc_output
+.env
diff --git a/.husky/commit-msg b/.husky/commit-msg
@@ -0,0 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+npx --no-install commitlint --edit $1
diff --git a/.husky/pre-commit b/.husky/pre-commit
@@ -0,0 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+npx --no-install lint-staged && npm test
diff --git a/.lintstagedrc.js b/.lintstagedrc.js
@@ -0,0 +1,5 @@
+module.exports = {
+  '*.md': (filenames) => filenames.map((filename) => `remark ${filename} -qfo`),
+  'package.json': 'fixpack',
+  '*.js': 'xo --fix'
+};
diff --git a/.npmrc b/.npmrc
@@ -0,0 +1 @@
+package-lock=false
diff --git a/.prettierrc.js b/.prettierrc.js
@@ -0,0 +1,5 @@
+module.exports = {
+  singleQuote: true,
+  bracketSpacing: true,
+  trailingComma: 'none'
+};
diff --git a/.remarkrc.js b/.remarkrc.js
@@ -0,0 +1,3 @@
+module.exports = {
+  plugins: ['preset-github']
+};
diff --git a/.travis.yml b/.travis.yml
diff --git a/.xo-config.js b/.xo-config.js
@@ -0,0 +1,5 @@
+module.exports = {
+  prettier: true,
+  space: true,
+  extends: ['xo-lass']
+};
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
-(The MIT License)
+The MIT License
 
-Copyright (c) 2014 Jonathan Ong <[email protected]> && Nick Baugh <[email protected]>
+Copyright (c) 2014 Jonathan Ong <[email protected]> & Nick Baugh <[email protected]>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 # koa-csrf
 
+[![build status](https://github.com/koajs/csrf/actions/workflows/ci.yml/badge.svg)](https://github.com/koajs/csrf/actions/workflows/ci.yml)
 [![build status](https://img.shields.io/travis/koajs/csrf.svg)](https://travis-ci.com/koajs/csrf)
-[![code coverage](https://img.shields.io/codecov/c/github/koajs/csrf.svg)](https://codecov.io/gh/koajs/csrf)
 [![code style](https://img.shields.io/badge/code_style-XO-5ed9c7.svg)](https://github.com/sindresorhus/xo)
 [![styled with prettier](https://img.shields.io/badge/styled_with-prettier-ff69b4.svg)](https://github.com/prettier/prettier)
 [![made with lass](https://img.shields.io/badge/made_with-lass-95CC28.svg)](https://lass.js.org)
@@ -22,20 +22,12 @@
 
 ## Install
 
-> For versions of Koa &lt;2.x please use `[email protected]`
-
 [npm][]:
 
 ```sh
 npm install koa-csrf
 ```
 
-[yarn][]:
-
-```sh
-yarn add koa-csrf
-```
-
 
 ## Usage
 
@@ -60,7 +52,7 @@ yarn add koa-csrf
    app.use(bodyParser());
 
    // add the CSRF middleware
-   app.use(CSRF({
+   app.use(new CSRF({
      invalidTokenMessage: 'Invalid CSRF token',
      invalidTokenStatusCode: 403,
      excludedMethods: [ 'GET', 'HEAD', 'OPTIONS' ],
@@ -72,7 +64,7 @@ yarn add koa-csrf
      if (![ 'GET', 'POST' ].includes(ctx.method))
        return next();
      if (ctx.method === 'GET') {
-       ctx.body = ctx.csrf;
+       ctx.body = ctx.state.csrf;
        return;
      }
      ctx.body = 'OK';
@@ -132,10 +124,8 @@ yarn add koa-csrf
 [MIT](LICENSE) © [Jonathan Ong](http://jongleberry.com)
 
 
-## 
+##
 
 [@ladjs/i18n]: https://github.com/ladjs/i18n
 
 [npm]: https://www.npmjs.com/
-
-[yarn]: https://yarnpkg.com/
diff --git a/index.js b/index.js
@@ -1,26 +1,5 @@
-/*!
- * koa-csrf
- *
- * Copyright(c) 2020 koa contributors
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module dependencies.
- */
 const csrf = require('csrf');
 
-/**
- * Expose `CSRF()`.
- */
-
-module.exports = CSRF;
-
-/**
- *
- */
 function CSRF(opts = {}) {
   const tokens = csrf(opts);
 
@@ -32,11 +11,11 @@ function CSRF(opts = {}) {
     ...opts
   };
 
-  return function(ctx, next) {
-    Object.defineProperty(ctx, 'csrf', {
-      get: () => {
-        if (ctx._csrf) {
-          return ctx._csrf;
+  return function (ctx, next) {
+    Object.defineProperty(ctx.state, 'csrf', {
+      get() {
+        if (ctx.state._csrf) {
+          return ctx.state._csrf;
         }
 
         if (!ctx.session) {
@@ -47,17 +26,24 @@ function CSRF(opts = {}) {
           ctx.session.secret = tokens.secretSync();
         }
 
-        ctx._csrf = tokens.create(ctx.session.secret);
+        ctx.state._csrf = tokens.create(ctx.session.secret);
+
+        return ctx.state._csrf;
+      }
+    });
 
-        return ctx._csrf;
+    // backwards compatible
+    Object.defineProperty(ctx, 'csrf', {
+      get() {
+        return ctx.state.csrf;
       }
     });
 
     Object.defineProperty(ctx.response, 'csrf', {
-      get: () => ctx.csrf
+      get: () => ctx.state.csrf
     });
 
-    if (opts.excludedMethods.indexOf(ctx.method) !== -1) {
+    if (opts.excludedMethods.includes(ctx.method)) {
       return next();
     }
 
@@ -72,7 +58,7 @@ function CSRF(opts = {}) {
 
     const token =
       bodyToken ||
-      (!this.opts.disableQuery && ctx.query && ctx.query._csrf) ||
+      (!opts.disableQuery && ctx.query && ctx.query._csrf) ||
       ctx.get('csrf-token') ||
       ctx.get('xsrf-token') ||
       ctx.get('x-csrf-token') ||
@@ -99,3 +85,5 @@ function CSRF(opts = {}) {
     return next();
   };
 }
+
+module.exports = CSRF;
diff --git a/index.test.js b/index.test.js