├── .gitignore ├── index.js ├── lib └── express-csrf.js ├── package.json └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | npm-debug.log 3 | -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- 1 | /* Package entry point (package.json sets main to index): re-exports everything from lib/express-csrf.js. */ module.exports = require("./lib/express-csrf"); 2 | -------------------------------------------------------------------------------- /lib/express-csrf.js: -------------------------------------------------------------------------------- 1 | /* NOTE(review): package.json in this listing declares no dependency on express, so this require resolves to whichever express copy the host application has installed; no version is pinned here. */ var express = require('express'); 2 | 3 | /** Enable the CSRF middleware on the given app and register a csrf dynamic helper for views. Per the README, call this after session and body parsing are set up and before any route handlers. NOTE(review): app.dynamicHelpers and the bundled express.csrf were dropped in later Express major versions -- confirm the host application version provides both, otherwise this call throws and no CSRF protection is installed. @param {Object} app - Express application object; must provide use() and dynamicHelpers(). */ exports.plugCSRF = function (app) { 4 | app.use(express.csrf()); 5 | app.dynamicHelpers({ 6 | csrf: function (req, res) { 7 | /* Returns the value stored at req.session._csrf, or an empty string when the request has no session. NOTE(review): presumably _csrf is where express.csrf() keeps the per-session token -- confirm for the Express version in use. An empty string means the view renders a form without a usable token, so a missing session should be treated as a setup error rather than relied on. Views should emit the token HTML-escaped in a hidden form field or a request header and keep it out of URLs. */ return req.session ? req.session._csrf : ""; 8 | } 9 | }); 10 | }; 11 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "express-csrf-plug" 3 | , "description": "Small helper plugin for the CSRF middleware in Express" 4 | , "version": "0.0.1" 5 | , "author": "Robin Berjon " 6 | , "dependencies": { 7 | } 8 | , "devDependencies": { 9 | } 10 | , "repository": "git://github.com/darobin/express-csrf" 11 | , "main": "index" 12 | } 13 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Overview 3 | 4 | This is a very simple plugin for Express that does very little beyond make CSRF a touch 5 | easier to use. It does two things: enable CSRF protection using the built-in CSRF middleware, 6 | and exposes a "csrf" dynamic variable which can be rendered directly inside views for reuse 7 | by forms and JS. 8 | 9 | Not much really, but I found myself pasting this code over and over again, hence the module. 
10 | 11 | ## Usage 12 | 13 | // somewhere after session and body parsing have been set up, but before any of your 14 | // handlers kick in 15 | require("express-csrf-plug").plugCSRF(app); 16 | 17 | 18 | ## Installation 19 | 20 | $ npm install express-csrf-plug 21 | 22 | ## Interface 23 | 24 | This module exports a single method: plugCSRF(). It takes your app object and sets it 25 | up as described on the tin. 26 | 27 | ## License 28 | 29 | (The MIT License) 30 | 31 | Copyright (c) 2012 Robin Berjon <robin@berjon.com> 32 | 33 | Permission is hereby granted, free of charge, to any person obtaining 34 | a copy of this software and associated documentation files (the 35 | 'Software'), to deal in the Software without restriction, including 36 | without limitation the rights to use, copy, modify, merge, publish, 37 | distribute, sublicense, and/or sell copies of the Software, and to 38 | permit persons to whom the Software is furnished to do so, subject to 39 | the following conditions: 40 | 41 | The above copyright notice and this permission notice shall be 42 | included in all copies or substantial portions of the Software. 43 | 44 | THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, 45 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 46 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 47 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 48 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 49 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 50 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 51 | --------------------------------------------------------------------------------