feat: refactoring, added support for ctx argument to messages
niftylettuce committed Jan 13, 2019
1 parent 0e8f092 commit 6fc2c39
Showing 14 changed files with 8,277 additions and 327 deletions.
10 changes: 7 additions & 3 deletions .babelrc
@@ -1,5 +1,9 @@
{
"presets": [ "crocodile" ],
"plugins": [ "add-module-exports" ],
"sourceMaps": [ "inline" ]
"presets": [
["@babel/env", {
"targets": {
"node": "6.4.0"
}
}]
]
}
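Review bot: Removing `"plugins": [ "add-module-exports" ]` changes what `require('koa-csrf')` returns if the source still uses `export default`: without that plugin Babel's CommonJS output puts the class on `.default`, and the README's `new CSRF({...})` on the bare require result would throw. Please confirm the entry point assigns `module.exports` directly, or keep the plugin. Dropping `"sourceMaps": [ "inline" ]` also means stack traces from the compiled build point at transpiled lines; worth a line in the commit message if that is intended.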
9 changes: 9 additions & 0 deletions .editorconfig
@@ -0,0 +1,9 @@
root = true

[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
2 changes: 0 additions & 2 deletions .eslintignore

This file was deleted.

15 changes: 14 additions & 1 deletion .eslintrc
@@ -1,3 +1,16 @@
{
"extends": "crocodile"
"extends": ["eslint:recommended", "plugin:node/recommended"],
"rules": {
"no-unsafe-finally": "warn",
"no-cond-assign": "warn",
"no-console": "warn",
"no-control-regex": "warn",
"no-empty": "warn",
"no-extra-semi": "warn",
"no-func-assign": "warn",
"no-undef": "warn",
"no-unused-vars": "warn",
"no-useless-escape": "warn",
"node/no-deprecated-api": "warn"
}
}
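Review bot: In the `rules` block, `no-undef`, `no-unsafe-finally`, `no-cond-assign` and `no-func-assign` are set to `"warn"`, which downgrades them from the error level `eslint:recommended` gives them, so a misspelled identifier or an assignment inside a condition in the middleware would no longer fail lint. For a CSRF package I would drop those four overrides so they stay at the preset's level, and keep `"warn"` only for the stylistic rules such as `no-extra-semi` and `no-console`.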
11 changes: 7 additions & 4 deletions .travis.yml
@@ -1,6 +1,9 @@
language: node_js
node_js:
- 6
- 7
before_install:
- npm install -g npm
- '6'
- '8'
- '10'
script:
npm run test-coverage
after_success:
npm run coverage
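Review bot: The matrix entry `'6'` floats to the newest 6.x release, while `.babelrc` in this commit targets `"node": "6.4.0"`, so the declared minimum runtime is never exercised in CI. Either add `'6.4'` to `node_js` or raise the Babel target to the version that is actually tested. Separately, `script:` runs only `npm run test-coverage`; if lint is not part of that script, the new `.eslintrc` rules are not enforced on CI.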
66 changes: 0 additions & 66 deletions HISTORY.md

This file was deleted.

190 changes: 105 additions & 85 deletions README.md
@@ -1,120 +1,140 @@
# koa-csrf

# Koa CSRF
[![build status](https://img.shields.io/travis/koajs/csrf.svg)](https://travis-ci.com/koajs/csrf)
[![code coverage](https://img.shields.io/codecov/c/github/koajs/csrf.svg)](https://codecov.io/gh/koajs/csrf)
[![code style](https://img.shields.io/badge/code_style-XO-5ed9c7.svg)](https://github.com/sindresorhus/xo)
[![styled with prettier](https://img.shields.io/badge/styled_with-prettier-ff69b4.svg)](https://github.com/prettier/prettier)
[![made with lass](https://img.shields.io/badge/made_with-lass-95CC28.svg)](https://lass.js.org)
[![license](https://img.shields.io/github/license/koajs/csrf.svg)](LICENSE)

[![NPM version][npm-image]][npm-url]
[![Build status][travis-image]][travis-url]
[![Test coverage][coveralls-image]][coveralls-url]
[![Dependency Status][david-image]][david-url]
[![License][license-image]][license-url]
[![Downloads][downloads-image]][downloads-url]
> CSRF tokens for Koa
> CSRF tokens for Koa >= 2.x (next). For Koa < 2.x (next) see the 2.x branch.

## Table of Contents

* [Install](#install)
* [Usage](#usage)
* [Options](#options)
* [Open Source Contributor Requests](#open-source-contributor-requests)
* [Contributors](#contributors)
* [License](#license)


## Install

> For koa@>=2.x (next):
> For versions of Koa &lt;2.x please use `[email protected]`
[npm][]:

```bash
npm install --save koa-csrf@3.x
```sh
npm install koa-csrf
```

> For koa@<2.x:
[yarn][]:

```bash
npm install --save koa-csrf@2.x
```sh
yarn add koa-csrf
```


## Usage

1. Add middleware in Koa app (default options are shown):
```js
import Koa from 'koa';
import bodyParser from 'koa-bodyparser';
import session from 'koa-generic-session';
import convert from 'koa-convert';
import CSRF from 'koa-csrf';

const app = new Koa();
```js
const Koa require('koa');

@stephenmathieson

stephenmathieson Jan 26, 2019

Contributor

Find/replace fail: missed the = here 😝

@niftylettuce

niftylettuce Jan 26, 2019

Author Contributor

fixing now

const bodyParser require('koa-bodyparser');
const session require('koa-generic-session');
const convert require('koa-convert');
const CSRF require('koa-csrf');

const app = new Koa();

// set the session keys
app.keys = [ 'a', 'b' ];

// add session support
app.use(convert(session()));

// add body parsing
app.use(bodyParser());

// add the CSRF middleware
app.use(new CSRF({
invalidTokenMessage: 'Invalid CSRF token',
invalidTokenStatusCode: 403,
excludedMethods: [ 'GET', 'HEAD', 'OPTIONS' ],
disableQuery: false
}));

// your middleware here (e.g. parse a form submit)
app.use((ctx, next) => {
if (![ 'GET', 'POST' ].includes(ctx.method))
return next();
if (ctx.method === 'GET') {
ctx.body = ctx.csrf;
return;
}
ctx.body = 'OK';
});

app.listen();
```

// set the session keys
app.keys = [ 'a', 'b' ];
2. Add the CSRF token in your template forms:

// add session support
app.use(convert(session()));
> Jade Template:

// add body parsing
app.use(bodyParser());
```jade
form(action='/register', method='POST')
input(type='hidden', name='_csrf', value=csrf)
input(type='email', name='email', placeholder='Email')
input(type='password', name='password', placeholder='Password')
button(type='submit') Register
```

// add the CSRF middleware
app.use(new CSRF({
invalidSessionSecretMessage: 'Invalid session secret',
invalidSessionSecretStatusCode: 403,
invalidTokenMessage: 'Invalid CSRF token',
invalidTokenStatusCode: 403,
excludedMethods: [ 'GET', 'HEAD', 'OPTIONS' ],
disableQuery: false
}));
> EJS Template:

// your middleware here (e.g. parse a form submit)
app.use((ctx, next) => {
```ejs
<form action="/register" method="POST">
<input type="hidden" name="_csrf" value="<%= csrf %>" />
<input type="email" name="email" placeholder="Email" />
<input type="password" name="password" placeholder="Password" />
<button type="submit">Register</button>
</form>
```

if (![ 'GET', 'POST' ].includes(ctx.method))
return next();

if (ctx.method === 'GET') {
ctx.body = ctx.csrf;
return;
}
## Options

ctx.body = 'OK';
* `invalidTokenMessage` (String or Function) - defaults to `Invalid CSRF token`, but can also be a function that accepts one argument `ctx` (useful for i18n translation, e.g. using `ctx.request.t('some message')` via [@ladjs/i18n][]
* `invalidTokenStatusCode` (Number) - defaults to `403`
* `excludedMethods` (Array) - defaults to `[ 'GET', 'HEAD', 'OPTIONS' ]`
* `disableQuery` (Boolean) - defaults to `false`

});

app.listen();
```
## Open Source Contributor Requests

2. Add the CSRF token in your template forms:
* [ ] Existing methods from 1.x package added to 3.x
* [ ] Existing tests from 1.x package added to 3.x

> Jade Template:

```jade
form(action='/register', method='POST')
input(type='hidden', name='_csrf', value=csrf)
input(type='email', name='email', placeholder='Email')
input(type='password', name='password', placeholder='Password')
button(type='submit') Register
```
## Contributors

> EJS Template:
| Name | Website |
| -------------- | --------------------------------- |
| **Nick Baugh** | <https://github.com/niftylettuce> |

```ejs
<form action="/register" method="POST">
<input type="hidden" name="_csrf" value="<%= csrf %>" />
<input type="email" name="email" placeholder="Email" />
<input type="password" name="password" placeholder="Password" />
<button type="submit">Register</button>
</form>
```

## Open Source Contributor Requests
## License

[MIT](LICENSE) © [Jonathan Ong](http://jongleberry.com)


##

[@ladjs/i18n]: https://github.com/ladjs/i18n

[npm]: https://www.npmjs.com/

- [ ] Existing methods from 1.x package added to 3.x
- [ ] Existing tests from 1.x package added to 3.x


[npm-image]: https://img.shields.io/npm/v/koa-csrf.svg?style=flat-square
[npm-url]: https://npmjs.org/package/koa-csrf
[github-tag]: http://img.shields.io/github/tag/koajs/csrf.svg?style=flat-square
[github-url]: https://github.com/koajs/csrf/tags
[travis-image]: https://img.shields.io/travis/koajs/csrf.svg?style=flat-square
[travis-url]: https://travis-ci.org/koajs/csrf
[coveralls-image]: https://img.shields.io/coveralls/koajs/csrf.svg?style=flat-square
[coveralls-url]: https://coveralls.io/r/koajs/csrf?branch=master
[david-image]: http://img.shields.io/david/koajs/csrf.svg?style=flat-square
[david-url]: https://david-dm.org/koajs/csrf
[license-image]: http://img.shields.io/npm/l/koa-csrf.svg?style=flat-square
[license-url]: LICENSE
[downloads-image]: http://img.shields.io/npm/dm/koa-csrf.svg?style=flat-square
[downloads-url]: https://npmjs.org/package/koa-csrf
[yarn]: https://yarnpkg.com/
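Review bot: In the new usage example all five `require` lines are missing `=` (`const bodyParser require('koa-bodyparser');` and the three after it, not only the `const Koa` line flagged inline), so the snippet does not parse when copied. The example also drops `invalidSessionSecretMessage` and `invalidSessionSecretStatusCode` from the `new CSRF({...})` call and the new Options section does not list them; since HISTORY.md is deleted in this commit, please state in the README how an invalid session secret is handled now. Smaller points: the `invalidTokenMessage` bullet has an unclosed parenthesis after `[@ladjs/i18n][]`, and the `disableQuery` bullet gives only a default without saying what the option disables.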