
@fastify/csrf


@fastify/csrf - npm Package Compare versions

Comparing version 6.1.0 to 6.2.0

test/hmac.test.js

43

index.js

@@ -74,2 +74,13 @@ 'use strict'

const hmacKey = opts.hmacKey
if (hmacKey) {
try {
// validate if the hmacKey is a valid format
hashingStrategy(algorithm, hmacKey)
} catch (err) {
throw new TypeError('option hmacKey must be a supported hmac key')
}
}
this.algorithm = algorithm

@@ -81,2 +92,3 @@ this.saltLength = saltLength

this.userInfo = userInfo
this.hmacKey = hmacKey
}

@@ -211,7 +223,7 @@

if (typeof userInfo === 'string') {
toHash += crypto
.createHash(algorithm)
.update(userInfo)
.digest('base64url')
.replace(MINUS_GLOBAL_REGEXP, '_') + '-'
toHash +=
hashingStrategy(algorithm, this.hmacKey)
.update(userInfo)
.digest('base64url')
.replace(MINUS_GLOBAL_REGEXP, '_') + '-'
}

@@ -221,6 +233,6 @@

return toHash + '-' + crypto
.createHash(algorithm)
.update(toHash + '-' + secret, 'ascii')
.digest('base64url')
return toHash + '-' +
hashingStrategy(algorithm, this.hmacKey)
.update(toHash + '-' + secret, 'ascii')
.digest('base64url')
}

@@ -235,4 +247,3 @@ : function _tokenize (secret, salt, date, userInfo, algorithm) {

if (typeof userInfo === 'string') {
toHash += crypto
.createHash(algorithm)
toHash += hashingStrategy(algorithm, this.hmacKey)
.update(userInfo)

@@ -246,4 +257,3 @@ .digest('base64')

return toHash + '-' + crypto
.createHash(algorithm)
return toHash + '-' + hashingStrategy(algorithm, this.hmacKey)
.update(toHash + '-' + secret, 'ascii')

@@ -346,4 +356,11 @@ .digest('base64')

function hashingStrategy (algorithm, key) {
if (key) {
return crypto.createHmac(algorithm, key)
}
return crypto.createHash(algorithm)
}
module.exports = Tokens
module.exports.default = Tokens
module.exports.Tokens = Tokens
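Review bot: The `if (hmacKey)` guard in the constructor and the `if (key)` test in `hashingStrategy` are truthiness checks, so an explicitly supplied empty string (such as an unset configuration value read as `''`) skips validation and both `_tokenize` variants silently fall back to the unkeyed `crypto.createHash` path. An operator who believes the tokens are HMAC-protected gets no signal that they are not. I would fail closed before the `try`: `if (opts.hmacKey !== undefined && !opts.hmacKey) throw new TypeError('option hmacKey must be a supported hmac key')`. The `catch` also discards `err`, so the underlying reason for a rejected key is lost; passing it on as the error's `cause` would help, if the supported Node versions allow it. The constructor and `_tokenize` bodies begin outside the visible hunks, so any earlier validation of `algorithm` cannot be confirmed from here.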
{
"name": "@fastify/csrf",
"description": "primary logic behind csrf tokens",
"version": "6.1.0",
"version": "6.2.0",
"author": "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",

@@ -29,2 +29,3 @@ "main": "index.js",

"devDependencies": {
"@types/node": "^18.14.6",
"beautify-benchmark": "^0.2.4",

@@ -31,0 +32,0 @@ "benchmark": "^2.1.4",

@@ -71,2 +71,6 @@ # CSRF

##### hmacKey
When set, the `hmacKey` is used to generate the cryptographic HMAC hash instead of the default hash function.
##### validity

@@ -73,0 +77,0 @@

@@ -82,2 +82,8 @@ interface TokensConstructor {

userInfo?: boolean;
/**
* The HMAC key used to generate the cryptographic HMAC hash
*
*/
hmacKey?: string | ArrayBuffer | Buffer | TypedArray | DataView | CryptoKey;
}

@@ -89,3 +95,14 @@

type TypedArray =
| Int8Array
| Uint8Array
| Uint8ClampedArray
| Int16Array
| Uint16Array
| Int32Array
| Uint32Array
| Float32Array
| Float64Array;
declare function Tokens(...params: Parameters<TokensConstructor>): ReturnType<TokensConstructor>
export = Tokens
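Review bot: The `hmacKey` union in the options type leaves out `KeyObject`, which `crypto.createHmac` accepts and which index.js passes through unchanged via `hashingStrategy`, so TypeScript callers holding the key as a `KeyObject` are rejected by the types while JavaScript callers are not. Consider `hmacKey?: string | ArrayBuffer | Buffer | TypedArray | DataView | KeyObject | CryptoKey;` with `KeyObject` imported as a type from `crypto`; the file's import block is outside the hunk. The doc comment could also state the fallback, for instance `* When omitted, tokens are hashed without a key.`, since that is what `hashingStrategy` does when no key is given.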

@@ -14,2 +14,3 @@ import { expectError, expectType } from "tsd";

Tokens({ validity: 10000 });
Tokens({ hmacKey: 'foo' });
new Tokens({ saltLength: 10 });

@@ -31,2 +32,4 @@ new Tokens({ secretLength: 10 });

expectError(new Tokens({ hmacKey: 123 }));
expectType<Promise<string>>(Tokens().secret());

@@ -33,0 +36,0 @@ expectType<Promise<string>>(new Tokens().secret());
