
@fastify/csrf-protection


@fastify/csrf-protection - npm Package Compare versions

Comparing version 6.4.1 to 7.0.0-pre.fv5.1

30

package.json
{
"name": "@fastify/csrf-protection",
"version": "6.4.1",
"version": "7.0.0-pre.fv5.1",
"description": "A plugin for adding CSRF protection to Fastify.",

@@ -10,3 +10,3 @@ "main": "index.js",

"lint": "standard",
"test": "npm run test:unit && npm run test:typescript",
"test": "npm run test:unit",
"test:unit": "tap",

@@ -33,18 +33,18 @@ "test:typescript": "tsd"

"dependencies": {
"@fastify/csrf": "^6.0.0",
"@fastify/error": "^3.0.0",
"fastify-plugin": "^4.0.0"
"@fastify/csrf": "^7.0.0-pre.fv5.1",
"@fastify/error": "^4.0.0",
"fastify-plugin": "^5.0.0-pre.fv5.1"
},
"devDependencies": {
"@fastify/cookie": "^9.0.4",
"@fastify/pre-commit": "^2.0.2",
"@fastify/secure-session": "^7.0.0",
"@fastify/session": "^10.3.0",
"@types/node": "^20.1.0",
"fastify": "^4.2.0",
"@fastify/cookie": "^10.0.0-pre.fv5.1",
"@fastify/pre-commit": "^2.1.0",
"@fastify/secure-session": "^8.0.0-pre.fv5.1",
"@fastify/session": "^11.0.0-pre.fv5.1",
"@types/node": "^20.12.7",
"fastify": "^5.0.0-alpha.3",
"proxyquire": "^2.1.3",
"sinon": "^17.0.0",
"standard": "^17.0.0",
"tap": "^16.0.0",
"tsd": "^0.29.0"
"sinon": "^17.0.1",
"standard": "^17.1.0",
"tap": "^18.7.2",
"tsd": "^0.31.0"
},

@@ -51,0 +51,0 @@ "pre-commit": [
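Review bot: The new `test` script, `"test": "npm run test:unit"`, no longer chains `npm run test:typescript`, so `npm test` stops exercising the type definitions even though `tsd` remains a devDependency (now `^0.31.0`) and a type test is edited elsewhere in this comparison. If this was a temporary measure for the Fastify v5 pre-release, restore `"test": "npm run test:unit && npm run test:typescript"` before a stable release, or confirm that CI runs `test:typescript` on its own. Which of the two printed `test` lines is the new one is inferred from print order, which agrees with the order of the two `version` lines. Separately, the runtime range `"@fastify/csrf": "^7.0.0-pre.fv5.1"` points at a pre-release of the token library, so anyone pinning this version should review what that range resolves to in their lockfile.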

@@ -31,3 +31,3 @@ # @fastify/csrf-protection

### Use with [`@fastify/cookie`](https://github.com/fastify/@fastify/cookie)
### Use with [`@fastify/cookie`](https://github.com/fastify/fastify-cookie)

@@ -134,3 +134,3 @@ If you use `@fastify/csrf-protection` with `@fastify/cookie`, the CSRF secret will be added to the response cookies.

- Of significant character length to provide adequate entropy
- Truly random sequence of characters (You could use [crypto-random-string](http://npm.im/crypto-random-string))
- Truly random sequence of characters (You could use [crypto-random-string](https://npm.im/crypto-random-string))

@@ -137,0 +137,0 @@ Apart from these safeguards, it is extremely important to [use HTTPS for your website/app](https://letsencrypt.org/) to avoid a bunch of other potential security issues like [MITM attacks](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) etc.

@@ -180,6 +180,12 @@ 'use strict'

await t.rejects(fastify.register(fastifyCsrf, {
getUserInfo (req) {
return req.session.get('username')
}
await t.rejects(new Promise((resolve, reject) => {
fastify.register(fastifyCsrf, {
getUserInfo (req) {
return req.session.get('username')
}
}).then(() => {
resolve()
}).catch(err => {
reject(err)
})
}), Error('csrfOpts.hmacKey is required'))

@@ -192,7 +198,13 @@ })

await t.rejects(fastify.register(fastifyCsrf, {
getUserInfo (req) {
return req.session.get('username')
},
sessionPlugin: '@fastify/cookie'
await t.rejects(new Promise((resolve, reject) => {
fastify.register(fastifyCsrf, {
getUserInfo (req) {
return req.session.get('username')
},
sessionPlugin: '@fastify/cookie'
}).then(() => {
resolve()
}).catch(err => {
reject(err)
})
}), Error('csrfOpts.hmacKey is required'))

@@ -205,9 +217,15 @@ })

await t.rejects(fastify.register(fastifyCsrf, {
getUserInfo (req) {
return req.session.get('username')
},
csrfOpts: {
hmacKey: undefined
}
await t.rejects(new Promise((resolve, reject) => {
fastify.register(fastifyCsrf, {
getUserInfo (req) {
return req.session.get('username')
},
csrfOpts: {
hmacKey: undefined
}
}).then(() => {
resolve()
}).catch(err => {
reject(err)
})
}), Error('csrfOpts.hmacKey is required'))

@@ -220,10 +238,16 @@ })

await t.rejects(fastify.register(fastifyCsrf, {
getUserInfo (req) {
return req.session.get('username')
},
sessionPlugin: '@fastify/cookie',
csrfOpts: {
hmacKey: undefined
}
await t.rejects(new Promise((resolve, reject) => {
fastify.register(fastifyCsrf, {
getUserInfo (req) {
return req.session.get('username')
},
sessionPlugin: '@fastify/cookie',
csrfOpts: {
hmacKey: undefined
}
}).then(() => {
resolve()
}).catch(err => {
reject(err)
})
}), Error('csrfOpts.hmacKey is required'))

@@ -236,7 +260,13 @@ })

await t.resolves(fastify.register(fastifyCsrf, {
getUserInfo (req) {
return req.session.get('username')
},
sessionPlugin: '@fastify/secure-session'
await t.resolves(new Promise((resolve, reject) => {
fastify.register(fastifyCsrf, {
getUserInfo (req) {
return req.session.get('username')
},
sessionPlugin: '@fastify/secure-session'
}).then(() => {
resolve()
}).catch(err => {
reject(err)
})
}))

@@ -249,11 +279,17 @@ })

await t.resolves(fastify.register(fastifyCsrf, {
getUserInfo (req) {
return req.session.get('username')
},
sessionPlugin: '@fastify/secure-session',
csrfOpts: {
hmacKey: 'foo'
}
await t.resolves(new Promise((resolve, reject) => {
fastify.register(fastifyCsrf, {
getUserInfo (req) {
return req.session.get('username')
},
sessionPlugin: '@fastify/secure-session',
csrfOpts: {
hmacKey: 'foo'
}
}).then(() => {
resolve()
}).catch(err => {
reject(err)
})
}))
})
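Review bot: The `new Promise((resolve, reject) => { fastify.register(...).then(...).catch(...) })` wrapper is pasted verbatim into all six assertions of this file section, with no comment saying why `t.rejects`/`t.resolves` can no longer take the return value of `fastify.register` directly. Presumably `register` returns a thenable rather than a native Promise and the newer `tap` does not accept it; a one-line comment such as `// fastify.register() returns a thenable; tap needs a real Promise` would record that. The repetition can be cut with a small local helper, `const settle = (thenable) => new Promise((resolve, reject) => thenable.then(() => resolve(), reject))`, used as `await t.rejects(settle(fastify.register(fastifyCsrf, opts)), Error('csrfOpts.hmacKey is required'))`. The enclosing test functions start outside the visible hunks.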

@@ -49,3 +49,8 @@ import Fastify from 'fastify'

getUserInfo(req) {
return req.session.get<'username', string>('username')
const info = req.session.get('username')
if (info) {
return info
} else {
throw new Error('No user info')
}
}

@@ -52,0 +57,0 @@ })
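Review bot: The guard in `getUserInfo` is a truthiness test, `if (info)`, so an empty-string username is rejected along with `undefined`. Assuming the returned value is what the plugin binds the token to, that is the safer direction, but a short comment such as `// narrow to string; empty usernames are rejected too` would make the intent explicit. The `else` after `return info` is redundant; the body reads more directly as a guard clause, `if (!info) throw new Error('No user info')` followed by `return info`. How the plugin handles an exception thrown from `getUserInfo` is not visible in this hunk.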

Sorry, the diff of this file is not supported yet
