csrf-tokens
Advanced tools
Comparing version 1.0.0 to 1.0.1
11
index.js
var crypto = require('crypto') | ||
var rndm = require('rndm') | ||
var crypto = require('crypto') | ||
var scmp = require('scmp') | ||
var uid = require('uid2') | ||
@@ -29,4 +31,4 @@ module.exports = function (options) { | ||
// to do: async version | ||
function secret() { | ||
return crypto.randomBytes(secretLength).toString('base64') | ||
function secret(cb) { | ||
return uid(secretLength, cb) | ||
} | ||
@@ -41,3 +43,4 @@ | ||
function verify(secret, token) { | ||
return tokensize(secret, token.split('-')[0]) === token | ||
var expected = tokensize(secret, token.split('-')[0]) | ||
return scmp(token, expected) | ||
} | ||
@@ -44,0 +47,0 @@ |
{ | ||
"name": "csrf-tokens", | ||
"description": "primary logic behind csrf tokens", | ||
"version": "1.0.0", | ||
"version": "1.0.1", | ||
"author": { | ||
@@ -14,3 +14,5 @@ "name": "Jonathan Ong", | ||
"dependencies": { | ||
"rndm": "1" | ||
"rndm": "1", | ||
"uid2": "~0.0.2", | ||
"scmp": "~0.0.3" | ||
}, | ||
@@ -17,0 +19,0 @@ "devDependencies": { |
4912
72
3
+ Addedscmp@~0.0.3
+ Addeduid2@~0.0.2
+ Addedscmp@0.0.3(transitive)
+ Addeduid2@0.0.4(transitive)