A really simple Express.js CSRF Middleware that just works out of the box.
Are you tired of importing and testing multiple CSRF libraries in Express.js, only to find that none of them work?
Then this middleware is for you! Minimal dependencies, with educated guesses and conventions about your stack. It depends on another well-established CSRF library.
```sh
$ npm install simple-express-csrf
```
This module assumes your project uses express and express-session.
To install those dependencies, run:

```sh
$ npm install express express-session
```
This module includes a TypeScript
declaration file to enable auto complete in compatible editors and type
information for TypeScript projects.
From JavaScript, you can import this with:

```js
const { generateCSRFToken, validateCSRFMiddleware } = require("simple-express-csrf");
// Or
import { generateCSRFToken, validateCSRFMiddleware } from "simple-express-csrf";
```
From TypeScript, you simply import the middleware like:

```ts
import { generateCSRFToken, validateCSRFMiddleware } from "simple-express-csrf";
```
### generateCSRFToken(req)

Generates the CSRF token. It takes the Express request object as input and uses it to save this token and the secret token in the session.
Token validation reads the `csrf_token` parameter from your POST request (POST is the only method secured) and verifies it against the secret token stored in the session.

### validateCSRFMiddleware(onErrorCallback)

Automatically validates the CSRF token sent via the POST method.
It lets your specified action run if the token is valid; if not, it calls the `onErrorCallback` function, which you can use to customize what happens when the token is invalid.
## Example

This is a complete example of how this middleware can be used, with ejs as the template engine.

```js
// app.js
const express = require("express");
const session = require("express-session");
const { generateCSRFToken, validateCSRFMiddleware } = require("simple-express-csrf");

const app = express();
const port = 4000;

app.set("view engine", "ejs");
// Parse form bodies so the csrf_token field is available to the middleware
app.use(express.urlencoded({ extended: true }));
app.use(session({
  secret: "SECRET_SESSION_KEY",
  resave: false,
  saveUninitialized: true,
}));

// Render the form with a freshly generated token
app.get("/", (req, res) => {
  res.render("index", { csrf_token: generateCSRFToken(req) });
});

// Validate the token before the handler runs; on failure, redirect
app.post("/",
  validateCSRFMiddleware((err, req, res) => {
    return res.redirect("/404");
  }),
  (req, res) => {
    res.json({ success: true });
  });

app.listen(port, () => console.log(`Listening on port ${port}`));
```

This is what the file `views/index.ejs` looks like:

```html
```