npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

ncsrf

v1.1.0

Published

Simple NestJS CSRF verify token

Downloads

6,017

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

letienhuyletienhuy

Keywords

csrfnestjscsrf tokennestjs csrf

Readme

Nestjs CSRF token validator

Table of Contents

About

Nestjs CSRF protection middleware. If you have questions on how this module is implemented, please read Understanding CSRF.

Deps version

  • current -> @nestjs/common >= 10.x
  • 1.0.7 -> @nestjs/common ^9.4
  • 1.0.2 -> @nestjs/common ^7.6

Prerequisites

Requires either a session middleware or cookie-parser to be initialized first, and need enableCors.

app.use(cookieParser());

Installing

This is a Node.js module available through the npm registry. Installation is done using the npm install command:

$ npm install ncsrf --save

or

$ yarn add ncsrf

Usage

Import in main.ts to enable the middleware globally

import { nestCsrf, CsrfFilter } from "ncsrf";
import cookieParser from "cookie-parser";

app.use(cookieParser());
app.use(nestCsrf());

nestCsrf([options])

  • signed - indicates if the cookie should be signed (defaults to false).
  • key - the name of the cookie to use to store the token secret (defaults to '_csrf').
  • ttl - The time to live of the cookie use to store the token secret (default 300s).

Custom exception message

app.useGlobalFilters(new CsrfFilter());

Or use your custom exception filter by catch 2 class

CsrfInvalidException;

And

CsrfNotFoundException;

How to verify csrf token

HTTP Request must be have at least one of these headers:

  • csrf-token
  • xsrf-token
  • x-csrf-token
  • x-xsrf-token
    or query param:
  • _csrf
    or body param:
  • _csrf

Restful API Setup

Important: Request must be sent with withCredentials set to true to allow cookies to be sent from the frontend or credentials set to include in fetch API.

Generate token here

  @Get('/token')
  getCsrfToken(@Req() req): any {
    return {
      token: req.csrfToken()
    }
  }

Protected route with csrf

  import {Csrf} from "ncsrf";
  ...
  @Post()
  @Csrf()
  needProtect(): string{
    return "Protected!";
  }

Protected route with csrf and custom exception message

  import {Csrf} from "ncsrf";
  ...
  @Post()
  @Csrf("Custom exception message")
  needProtect(): string{
    return "Protected!";
  }

GraphQL Setup

Important: Request must be sent with withCredentials set to true to allow cookies to be sent from the frontend or credentials set to include in fetch API.

Generate token here

  @Query((returns) => string, { name: 'getToken', nullable: false })
  async getUsers(@Context('req') req: any) {
    return req?.csrfToken();
  }

Protected route with csrf

  import {CsrfQL} from "ncsrf";
  ...
  @Mutation((returns) => string, { name: 'needProtect', nullable: false })
  @CsrfQL()
  needProtect(): string{
    return "Protected!";
  }

Protected route with csrf and custom exception message

  import {CsrfQL} from "ncsrf";
  ...
  @Mutation((returns) => string, { name: 'needProtect', nullable: false })
  @CsrfQL("Custom exception message")
  needProtect(): string{
    return "Protected!";
  }

Issue & contribute

  • If you have any issue, please create an issue.
  • If you want to contribute, please create a pull request.

Thank you for using this module.