├── .gitignore
├── .npmignore
├── History.md
├── Makefile
├── Readme.md
├── component.json
├── lib
    └── index.js
├── package.json
└── test
    └── index.js


/.gitignore:
--------------------------------------------------------------------------------
1 | components
2 | build
3 | node_modules
4 | 


--------------------------------------------------------------------------------
/.npmignore:
--------------------------------------------------------------------------------
1 | support
2 | test
3 | examples
4 | *.sock
5 | 


--------------------------------------------------------------------------------
/History.md:
--------------------------------------------------------------------------------
1 | 
2 | 1.0.0 / 2014-01-17
3 | ==================
4 | 
5 |   * Initial release
6 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | 
2 | test:
3 | 	@./node_modules/.bin/mocha \
4 | 		--reporter spec
5 | 
6 | .PHONY: test


--------------------------------------------------------------------------------
/Readme.md:
--------------------------------------------------------------------------------
 1 | 
 2 | # superagent-csrf
 3 | 
 4 |   Adds CSRF headers to client-side superagent requests
 5 | 
 6 | ## Example
 7 | 
 8 | ```js
 9 | var request = require('superagent');
10 | 
11 | require('superagent-csrf')(request);
12 | 
13 | var token = window._csrf;
14 | 
15 | request
16 |   .post('https://segment.io')
17 |   .csrf(token)
18 |   .end(function (err, res) {
19 |   [...]
20 | });
21 | ```
22 | 
23 | ## API
24 | 
25 | ### request.csrf([token])
26 | 
27 |   Adds an x-csrf-token header to the request so that `connect.csrf()` middleware may read it. If token is omitted, will read from `window._csrf` variable.
28 | 
29 | 
30 | ## License
31 | 
32 | (The MIT License)
33 | 
34 | Copyright (c) 2014 Segment.io <team@segment.io>
35 | 
36 | Permission is hereby granted, free of charge, to any person obtaining
37 | a copy of this software and associated documentation files (the
38 | 'Software'), to deal in the Software without restriction, including
39 | without limitation the rights to use, copy, modify, merge, publish,
40 | distribute, sublicense, and/or sell copies of the Software, and to
41 | permit persons to whom the Software is furnished to do so, subject to
42 | the following conditions:
43 | 
44 | The above copyright notice and this permission notice shall be
45 | included in all copies or substantial portions of the Software.
46 | 
47 | THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
48 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
49 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
50 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
51 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
52 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
53 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


--------------------------------------------------------------------------------
/component.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "superagent-csrf",
 3 |   "repo": "segmentio/superagent-csrf",
 4 |   "description": "Adds CSRF headers to client-side superagent requests",
 5 |   "version": "1.0.0",
 6 |   "keywords": [],
 7 |   "dependencies": {},
 8 |   "development": {},
 9 |   "license": "MIT",
10 |   "main": "lib/index.js",
11 |   "scripts": [
12 |     "lib/index.js"
13 |   ]
14 | }


--------------------------------------------------------------------------------
/lib/index.js:
--------------------------------------------------------------------------------
 1 | 
 2 | /**
 3 |  * Module `exports`
 4 |  */
 5 | 
 6 | module.exports = function (superagent) {
 7 |   var Request = superagent.Request;
 8 |   Request.prototype.csrf = csrf;
 9 |   return superagent;
10 | };
11 | 
12 | /**
13 |  * Adds the CSRF token to the request headers
14 |  *
15 |  * @param {String} token
16 |  */
17 | 
18 | function csrf (token) {
19 |   if (!token) token = window._csrf;
20 |   this.set('X-CSRF-Token', token);
21 |   return this;
22 | }


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "superagent-csrf",
 3 |   "version": "1.0.0",
 4 |   "description": "Adds CSRF headers to client-side superagent requests",
 5 |   "keywords": [],
 6 |   "author": "Segment.io <team@segment.io>",
 7 |   "repository": {
 8 |     "type": "git",
 9 |     "url": "git://github.com/segmentio/superagent-csrf.git"
10 |   },
11 |   "dependencies": {},
12 |   "devDependencies": {
13 |     "mocha": "~1.17.0",
14 |     "express": "~3.4.8",
15 |     "supertest": "~0.9.0",
16 |     "superagent": "~0.16.0"
17 |   },
18 |   "main": "lib"
19 | }
20 | 


--------------------------------------------------------------------------------
/test/index.js:
--------------------------------------------------------------------------------
 1 | var assert = require('assert');
 2 | var express = require('express');
 3 | var request = require('superagent');
 4 | 
 5 | require('../')(request);
 6 | 
 7 | 
 8 | describe('superagent-csrf', function () {
 9 |   var token;
10 |   var port = 8401;
11 |   var host = 'localhost:' + port;
12 | 
13 |   var app = express()
14 |     .use(express.cookieParser())
15 |     .use(express.session({ secret: 'secret' }))
16 |     .use(express.csrf())
17 |     .get('/token', function (req, res, next) {
18 |       token = req.csrfToken();
19 |       res.end();
20 |     })
21 |     .post('/', function (req, res, next) {
22 |       res.end();
23 |     });
24 | 
25 |   var agent = request.agent();
26 | 
27 |   before(function (done) {
28 |     app.listen(8401, done);
29 |   });
30 | 
31 |   /**
32 |    * Set up the closured token so the client can use it to request
33 |    */
34 | 
35 |   before(function (done) {
36 |     agent
37 |       .get(host + '/token')
38 |       .end(function (err, res) {
39 |         assert(!err);
40 |         done();
41 |       });
42 |   });
43 | 
44 |   it('should succeed against CSRF middleware', function (done) {
45 |     agent
46 |       .post(host + '/')
47 |       .csrf(token)
48 |       .end(function (err, res) {
49 |         assert(res.status === 200);
50 |         done();
51 |       });
52 |   });
53 | 
54 |   it('should fail when CSRF no token is provided', function (done) {
55 |     agent
56 |       .post(host + '/')
57 |       .end(function (err, res) {
58 |         assert(res.status === 403);
59 |         done();
60 |       });
61 |   });
62 | });


--------------------------------------------------------------------------------