|
1
|
|
|
declare namespace _exports { |
|
2
|
|
|
export { CsrfConfig, Csrf }; |
|
3
|
|
|
} |
|
4
|
|
|
declare namespace _exports { |
|
5
|
|
|
export { CONSTANT }; |
|
6
|
|
|
export function generate(csrfConfig?: CsrfConfig): Function; |
|
7
|
|
|
export function setTokenLocalsParam(req: any, res: any, next: Function): void; |
|
8
|
|
|
export function protect(req: any, res: any, next: Function): void; |
|
9
|
|
|
} |
|
10
|
|
|
export = _exports; |
|
11
|
|
|
type CsrfConfig = { |
|
12
|
|
|
/** |
|
13
|
|
|
* - The length of the CSRF token in bytes. |
|
14
|
|
|
*/ |
|
15
|
|
|
tokenLength?: number; |
|
16
|
|
|
/** |
|
17
|
|
|
* - The storage configuration for the CSRF token. |
|
18
|
|
|
*/ |
|
19
|
|
|
storage?: { |
|
20
|
|
|
type?: string; |
|
21
|
|
|
options?: any; |
|
22
|
|
|
}; |
|
23
|
|
|
/** |
|
24
|
|
|
* - The name of the request body or query parameter to check for the CSRF token. |
|
25
|
|
|
*/ |
|
26
|
|
|
param?: string; |
|
27
|
|
|
/** |
|
28
|
|
|
* - The name of the local variable to set the CSRF token to for use in templates. |
|
29
|
|
|
*/ |
|
30
|
|
|
value?: string; |
|
31
|
|
|
/** |
|
32
|
|
|
* - A function to call when the CSRF token is invalid. It should accept `(req, res, next)` and send an appropriate error response. |
|
33
|
|
|
*/ |
|
34
|
|
|
errorResponse?: Function; |
|
35
|
|
|
/** |
|
36
|
|
|
* - A function to determine if CSRF protection should be applied. It should accept `(req)` and return `true` to protect, `false` to skip. |
|
37
|
|
|
*/ |
|
38
|
|
|
protectCondition?: Function; |
|
39
|
|
|
/** |
|
40
|
|
|
* - A function to retrieve the CSRF token from the request. It should accept `(req)` and return the token string or `null`. |
|
41
|
|
|
*/ |
|
42
|
|
|
getTransmitToken?: Function; |
|
43
|
|
|
}; |
|
44
|
|
|
type Csrf = { |
|
45
|
|
|
/** |
|
46
|
|
|
* - The name of the request body or query parameter to check for the CSRF token. |
|
47
|
|
|
*/ |
|
48
|
|
|
param: string; |
|
49
|
|
|
/** |
|
50
|
|
|
* - The name of the local variable to set the CSRF token to for use in templates. |
|
51
|
|
|
*/ |
|
52
|
|
|
value: string; |
|
53
|
|
|
/** |
|
54
|
|
|
* - The storage configuration for the CSRF token. |
|
55
|
|
|
*/ |
|
56
|
|
|
storage: { |
|
57
|
|
|
type: string; |
|
58
|
|
|
options: any; |
|
59
|
|
|
}; |
|
60
|
|
|
/** |
|
61
|
|
|
* - The length of the CSRF token in bytes. |
|
62
|
|
|
*/ |
|
63
|
|
|
tokenLength: number; |
|
64
|
|
|
/** |
|
65
|
|
|
* - A function to get the CSRF token from the request. |
|
66
|
|
|
*/ |
|
67
|
|
|
getToken: Function; |
|
68
|
|
|
/** |
|
69
|
|
|
* - A function to clear the CSRF token from the request and/or response. |
|
70
|
|
|
*/ |
|
71
|
|
|
clearToken: Function; |
|
72
|
|
|
/** |
|
73
|
|
|
* - A function to determine if CSRF protection should be applied. |
|
74
|
|
|
*/ |
|
75
|
|
|
protectCondition: Function; |
|
76
|
|
|
/** |
|
77
|
|
|
* - A function to retrieve the CSRF token from the request. |
|
78
|
|
|
*/ |
|
79
|
|
|
getTransmitToken: Function; |
|
80
|
|
|
/** |
|
81
|
|
|
* - A function to call when the CSRF token is invalid. |
|
82
|
|
|
*/ |
|
83
|
|
|
errorResponse: Function; |
|
84
|
|
|
}; |
|
85
|
|
|
/** |
|
86
|
|
|
* @typedef {Object} CsrfConfig |
|
87
|
|
|
* @property {number} [tokenLength=16] - The length of the CSRF token in bytes. |
|
88
|
|
|
* @property {Object} [storage] - The storage configuration for the CSRF token. |
|
89
|
|
|
* @property {string} [storage.type='session'] - The type of storage to use for the CSRF token ('session' or 'cookie'). |
|
90
|
|
|
* @property {Object} [storage.options={}] - Options to pass to the cookie storage (e.g., `domain`, `path`, `secure`, `httpOnly`). Only applicable when `storage.type` is 'cookie'. |
|
91
|
|
|
* @property {string} [param='_csrf'] - The name of the request body or query parameter to check for the CSRF token. |
|
92
|
|
|
* @property {string} [value='csrfToken'] - The name of the local variable to set the CSRF token to for use in templates. |
|
93
|
|
|
* @property {function} [errorResponse] - A function to call when the CSRF token is invalid. It should accept `(req, res, next)` and send an appropriate error response. |
|
94
|
|
|
* @property {function} [protectCondition] - A function to determine if CSRF protection should be applied. It should accept `(req)` and return `true` to protect, `false` to skip. |
|
95
|
|
|
* @property {function} [getTransmitToken] - A function to retrieve the CSRF token from the request. It should accept `(req)` and return the token string or `null`. |
|
96
|
|
|
*/ |
|
97
|
|
|
/** |
|
98
|
|
|
* @type {Object} |
|
99
|
|
|
* @property {Object} STORAGE |
|
100
|
|
|
* @property {string} STORAGE.SESSION - String constant representing session storage type. |
|
101
|
|
|
* @property {string} STORAGE.COOKIE - String constant representing cookie storage type. |
|
102
|
|
|
*/ |
|
103
|
|
|
declare const CONSTANT: any; |
|
104
|
|
|
|
knfs-library /
csrf
