-
Notifications
You must be signed in to change notification settings - Fork 32
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: refactoring, added support for ctx argument to messages
- Loading branch information
1 parent
0e8f092
commit 6fc2c39
Showing
14 changed files
with
8,277 additions
and
327 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,9 @@ | ||
{ | ||
"presets": [ "crocodile" ], | ||
"plugins": [ "add-module-exports" ], | ||
"sourceMaps": [ "inline" ] | ||
"presets": [ | ||
["@babel/env", { | ||
"targets": { | ||
"node": "6.4.0" | ||
} | ||
}] | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
root = true | ||
|
||
[*] | ||
indent_style = space | ||
indent_size = 2 | ||
end_of_line = lf | ||
charset = utf-8 | ||
trim_trailing_whitespace = true | ||
insert_final_newline = true |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,16 @@ | ||
{ | ||
"extends": "crocodile" | ||
"extends": ["eslint:recommended", "plugin:node/recommended"], | ||
"rules": { | ||
"no-unsafe-finally": "warn", | ||
"no-cond-assign": "warn", | ||
"no-console": "warn", | ||
"no-control-regex": "warn", | ||
"no-empty": "warn", | ||
"no-extra-semi": "warn", | ||
"no-func-assign": "warn", | ||
"no-undef": "warn", | ||
"no-unused-vars": "warn", | ||
"no-useless-escape": "warn", | ||
"node/no-deprecated-api": "warn" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,9 @@ | ||
language: node_js | ||
node_js: | ||
- 6 | ||
- 7 | ||
before_install: | ||
- npm install -g npm | ||
- '6' | ||
- '8' | ||
- '10' | ||
script: | ||
npm run test-coverage | ||
after_success: | ||
npm run coverage |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,120 +1,140 @@ | ||
# koa-csrf | ||
|
||
# Koa CSRF | ||
[![build status](https://img.shields.io/travis/koajs/csrf.svg)](https://travis-ci.com/koajs/csrf) | ||
[![code coverage](https://img.shields.io/codecov/c/github/koajs/csrf.svg)](https://codecov.io/gh/koajs/csrf) | ||
[![code style](https://img.shields.io/badge/code_style-XO-5ed9c7.svg)](https://github.com/sindresorhus/xo) | ||
[![styled with prettier](https://img.shields.io/badge/styled_with-prettier-ff69b4.svg)](https://github.com/prettier/prettier) | ||
[![made with lass](https://img.shields.io/badge/made_with-lass-95CC28.svg)](https://lass.js.org) | ||
[![license](https://img.shields.io/github/license/koajs/csrf.svg)](LICENSE) | ||
|
||
[![NPM version][npm-image]][npm-url] | ||
[![Build status][travis-image]][travis-url] | ||
[![Test coverage][coveralls-image]][coveralls-url] | ||
[![Dependency Status][david-image]][david-url] | ||
[![License][license-image]][license-url] | ||
[![Downloads][downloads-image]][downloads-url] | ||
> CSRF tokens for Koa | ||
> CSRF tokens for Koa >= 2.x (next). For Koa < 2.x (next) see the 2.x branch. | ||
|
||
## Table of Contents | ||
|
||
* [Install](#install) | ||
* [Usage](#usage) | ||
* [Options](#options) | ||
* [Open Source Contributor Requests](#open-source-contributor-requests) | ||
* [Contributors](#contributors) | ||
* [License](#license) | ||
|
||
|
||
## Install | ||
|
||
> For koa@>=2.x (next): | ||
> For versions of Koa <2.x please use `[email protected]` | ||
[npm][]: | ||
|
||
```bash | ||
npm install --save koa-csrf@3.x | ||
```sh | ||
npm install koa-csrf | ||
``` | ||
|
||
> For koa@<2.x: | ||
[yarn][]: | ||
|
||
```bash | ||
npm install --save koa-csrf@2.x | ||
```sh | ||
yarn add koa-csrf | ||
``` | ||
|
||
|
||
## Usage | ||
|
||
1. Add middleware in Koa app (default options are shown): | ||
```js | ||
import Koa from 'koa'; | ||
import bodyParser from 'koa-bodyparser'; | ||
import session from 'koa-generic-session'; | ||
import convert from 'koa-convert'; | ||
import CSRF from 'koa-csrf'; | ||
|
||
const app = new Koa(); | ||
```js | ||
const Koa require('koa'); | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong. |
||
const bodyParser require('koa-bodyparser'); | ||
const session require('koa-generic-session'); | ||
const convert require('koa-convert'); | ||
const CSRF require('koa-csrf'); | ||
|
||
const app = new Koa(); | ||
|
||
// set the session keys | ||
app.keys = [ 'a', 'b' ]; | ||
|
||
// add session support | ||
app.use(convert(session())); | ||
|
||
// add body parsing | ||
app.use(bodyParser()); | ||
|
||
// add the CSRF middleware | ||
app.use(new CSRF({ | ||
invalidTokenMessage: 'Invalid CSRF token', | ||
invalidTokenStatusCode: 403, | ||
excludedMethods: [ 'GET', 'HEAD', 'OPTIONS' ], | ||
disableQuery: false | ||
})); | ||
|
||
// your middleware here (e.g. parse a form submit) | ||
app.use((ctx, next) => { | ||
if (![ 'GET', 'POST' ].includes(ctx.method)) | ||
return next(); | ||
if (ctx.method === 'GET') { | ||
ctx.body = ctx.csrf; | ||
return; | ||
} | ||
ctx.body = 'OK'; | ||
}); | ||
|
||
app.listen(); | ||
``` | ||
|
||
// set the session keys | ||
app.keys = [ 'a', 'b' ]; | ||
2. Add the CSRF token in your template forms: | ||
|
||
// add session support | ||
app.use(convert(session())); | ||
> Jade Template: | ||
|
||
// add body parsing | ||
app.use(bodyParser()); | ||
```jade | ||
form(action='/register', method='POST') | ||
input(type='hidden', name='_csrf', value=csrf) | ||
input(type='email', name='email', placeholder='Email') | ||
input(type='password', name='password', placeholder='Password') | ||
button(type='submit') Register | ||
``` | ||
|
||
// add the CSRF middleware | ||
app.use(new CSRF({ | ||
invalidSessionSecretMessage: 'Invalid session secret', | ||
invalidSessionSecretStatusCode: 403, | ||
invalidTokenMessage: 'Invalid CSRF token', | ||
invalidTokenStatusCode: 403, | ||
excludedMethods: [ 'GET', 'HEAD', 'OPTIONS' ], | ||
disableQuery: false | ||
})); | ||
> EJS Template: | ||
|
||
// your middleware here (e.g. parse a form submit) | ||
app.use((ctx, next) => { | ||
```ejs | ||
<form action="/register" method="POST"> | ||
<input type="hidden" name="_csrf" value="<%= csrf %>" /> | ||
<input type="email" name="email" placeholder="Email" /> | ||
<input type="password" name="password" placeholder="Password" /> | ||
<button type="submit">Register</button> | ||
</form> | ||
``` | ||
|
||
if (![ 'GET', 'POST' ].includes(ctx.method)) | ||
return next(); | ||
|
||
if (ctx.method === 'GET') { | ||
ctx.body = ctx.csrf; | ||
return; | ||
} | ||
## Options | ||
|
||
ctx.body = 'OK'; | ||
* `invalidTokenMessage` (String or Function) - defaults to `Invalid CSRF token`, but can also be a function that accepts one argument `ctx` (useful for i18n translation, e.g. using `ctx.request.t('some message')` via [@ladjs/i18n][] | ||
* `invalidTokenStatusCode` (Number) - defaults to `403` | ||
* `excludedMethods` (Array) - defaults to `[ 'GET', 'HEAD', 'OPTIONS' ]` | ||
* `disableQuery` (Boolean) - defaults to `false` | ||
|
||
}); | ||
|
||
app.listen(); | ||
``` | ||
## Open Source Contributor Requests | ||
|
||
2. Add the CSRF token in your template forms: | ||
* [ ] Existing methods from 1.x package added to 3.x | ||
* [ ] Existing tests from 1.x package added to 3.x | ||
|
||
> Jade Template: | ||
|
||
```jade | ||
form(action='/register', method='POST') | ||
input(type='hidden', name='_csrf', value=csrf) | ||
input(type='email', name='email', placeholder='Email') | ||
input(type='password', name='password', placeholder='Password') | ||
button(type='submit') Register | ||
``` | ||
## Contributors | ||
|
||
> EJS Template: | ||
| Name | Website | | ||
| -------------- | --------------------------------- | | ||
| **Nick Baugh** | <https://github.com/niftylettuce> | | ||
|
||
```ejs | ||
<form action="/register" method="POST"> | ||
<input type="hidden" name="_csrf" value="<%= csrf %>" /> | ||
<input type="email" name="email" placeholder="Email" /> | ||
<input type="password" name="password" placeholder="Password" /> | ||
<button type="submit">Register</button> | ||
</form> | ||
``` | ||
|
||
## Open Source Contributor Requests | ||
## License | ||
|
||
[MIT](LICENSE) © [Jonathan Ong](http://jongleberry.com) | ||
|
||
|
||
## | ||
|
||
[@ladjs/i18n]: https://github.com/ladjs/i18n | ||
|
||
[npm]: https://www.npmjs.com/ | ||
|
||
- [ ] Existing methods from 1.x package added to 3.x | ||
- [ ] Existing tests from 1.x package added to 3.x | ||
|
||
|
||
[npm-image]: https://img.shields.io/npm/v/koa-csrf.svg?style=flat-square | ||
[npm-url]: https://npmjs.org/package/koa-csrf | ||
[github-tag]: http://img.shields.io/github/tag/koajs/csrf.svg?style=flat-square | ||
[github-url]: https://github.com/koajs/csrf/tags | ||
[travis-image]: https://img.shields.io/travis/koajs/csrf.svg?style=flat-square | ||
[travis-url]: https://travis-ci.org/koajs/csrf | ||
[coveralls-image]: https://img.shields.io/coveralls/koajs/csrf.svg?style=flat-square | ||
[coveralls-url]: https://coveralls.io/r/koajs/csrf?branch=master | ||
[david-image]: http://img.shields.io/david/koajs/csrf.svg?style=flat-square | ||
[david-url]: https://david-dm.org/koajs/csrf | ||
[license-image]: http://img.shields.io/npm/l/koa-csrf.svg?style=flat-square | ||
[license-url]: LICENSE | ||
[downloads-image]: http://img.shields.io/npm/dm/koa-csrf.svg?style=flat-square | ||
[downloads-url]: https://npmjs.org/package/koa-csrf | ||
[yarn]: https://yarnpkg.com/ |
Oops, something went wrong.
Find/replace fail: missed the
=
here 😝