{"id":13779243,"url":"https://github.com/koajs/csrf","last_synced_at":"2025-04-12T22:20:51.235Z","repository":{"id":11686094,"uuid":"14197336","full_name":"koajs/csrf","owner":"koajs","description":"CSRF tokens for koa","archived":false,"fork":false,"pushed_at":"2022-07-02T05:14:19.000Z","size":404,"stargazers_count":265,"open_issues_count":0,"forks_count":31,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-04-11T15:26:08.751Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"alexlouden/Terraform.tmLanguage","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/koajs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-11-07T07:41:09.000Z","updated_at":"2025-01-11T00:12:15.000Z","dependencies_parsed_at":"2022-08-30T01:41:36.622Z","dependency_job_id":null,"html_url":"https://github.com/koajs/csrf","commit_stats":null,"previous_names":[],"tags_count":24,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koajs%2Fcsrf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koajs%2Fcsrf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koajs%2Fcsrf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koajs%2Fcsrf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/koajs","download_url":"https://codeload.github.com/koajs/csrf/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248638478,"owners_count":21137665,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T18:01:02.977Z","updated_at":"2025-04-12T22:20:51.208Z","avatar_url":"https://github.com/koajs.png","language":"JavaScript","funding_links":[],"categories":["Middleware","仓库","Koa Middlewares"],"sub_categories":["中间件"],"readme":"# koa-csrf\n\n[![build status](https://github.com/koajs/csrf/actions/workflows/ci.yml/badge.svg)](https://github.com/koajs/csrf/actions/workflows/ci.yml)\n[![build status](https://img.shields.io/travis/koajs/csrf.svg)](https://travis-ci.com/koajs/csrf)\n[![code style](https://img.shields.io/badge/code_style-XO-5ed9c7.svg)](https://github.com/sindresorhus/xo)\n[![styled with prettier](https://img.shields.io/badge/styled_with-prettier-ff69b4.svg)](https://github.com/prettier/prettier)\n[![made with lass](https://img.shields.io/badge/made_with-lass-95CC28.svg)](https://lass.js.org)\n[![license](https://img.shields.io/github/license/koajs/csrf.svg)](LICENSE)\n\n\u003e CSRF tokens for Koa\n\n\u003e **NOTE:** As of v5.0.0+ `ctx.csrf`, `ctx_csrf`, and `ctx.response.csrf` are removed – instead use `ctx.state._csrf`.  Furthermore we have dropped `invalidTokenMessage` and `invalidTokenStatusCode` in favor of an `errorHandler` function option.\n\n\n## Table of Contents\n\n* [Install](#install)\n* [Usage](#usage)\n* [Options](#options)\n* [Contributors](#contributors)\n* [License](#license)\n\n\n## Install\n\n[npm][]:\n\n```sh\nnpm install koa-csrf\n```\n\n\n## Usage\n\n1. Add middleware in Koa app (see [options](#options) below):\n\n   ```js\n   const Koa = require('koa');\n   const bodyParser = require('koa-bodyparser');\n   const session = require('koa-generic-session');\n   const convert = require('koa-convert');\n   const CSRF = require('koa-csrf');\n\n   const app = new Koa();\n\n   // set the session keys\n   app.keys = [ 'a', 'b' ];\n\n   // add session support\n   app.use(convert(session()));\n\n   // add body parsing\n   app.use(bodyParser());\n\n   // add the CSRF middleware\n   app.use(new CSRF());\n\n   // your middleware here (e.g. parse a form submit)\n   app.use((ctx, next) =\u003e {\n     if (![ 'GET', 'POST' ].includes(ctx.method))\n       return next();\n     if (ctx.method === 'GET') {\n       ctx.body = ctx.state._csrf;\n       return;\n     }\n     ctx.body = 'OK';\n   });\n\n   app.listen();\n   ```\n\n2. Add the CSRF token in your template forms:\n\n   \u003e Jade Template:\n\n   ```jade\n   form(action='/register', method='POST')\n     input(type='hidden', name='_csrf', value=_csrf)\n     input(type='email', name='email', placeholder='Email')\n     input(type='password', name='password', placeholder='Password')\n     button(type='submit') Register\n   ```\n\n   \u003e EJS Template:\n\n   ```ejs\n   \u003cform action=\"/register\" method=\"POST\"\u003e\n     \u003cinput type=\"hidden\" name=\"_csrf\" value=\"\u003c%= _csrf %\u003e\" /\u003e\n     \u003cinput type=\"email\" name=\"email\" placeholder=\"Email\" /\u003e\n     \u003cinput type=\"password\" name=\"password\" placeholder=\"Password\" /\u003e\n     \u003cbutton type=\"submit\"\u003eRegister\u003c/button\u003e\n   \u003c/form\u003e\n   ```\n\n\n## Options\n\n* `errorHandler` (Function) - defaults to a function that returns `ctx.throw(403, 'Invalid CSRF token')`\n* `excludedMethods` (Array) - defaults to `[ 'GET', 'HEAD', 'OPTIONS' ]`\n* `disableQuery` (Boolean) - defaults to `false`\n* `ignoredPathGlobs` (Array) - defaults to an empty Array, but you can pass an Array of glob paths to ignore\n\n\n## Contributors\n\n| Name            | Website                           |\n| --------------- | --------------------------------- |\n| **Nick Baugh**  | \u003chttps://github.com/niftylettuce\u003e |\n| **Imed Jaberi** | \u003chttps://www.3imed-jaberi.com/\u003e   |\n\n\n## License\n\n[MIT](LICENSE) © [Jonathan Ong](http://jongleberry.com)\n\n\n##\n\n[npm]: https://www.npmjs.com/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkoajs%2Fcsrf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkoajs%2Fcsrf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkoajs%2Fcsrf/lists"}