Skip to content

Commit

Permalink
Updated the README to include usage
Browse files Browse the repository at this point in the history
  • Loading branch information
chmking authored Aug 22, 2022
1 parent bdcde05 commit 0b7b260
Show file tree
Hide file tree
Showing 3 changed files with 47 additions and 2 deletions.
3 changes: 2 additions & 1 deletion .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ on:
types: [created]

jobs:
build:
publish:
environment: npm
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
Expand Down
44 changes: 44 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,47 @@ This is a [Node.js](https://nodejs.org/en/) module available through the
```sh
$ npm install @chmking/h3-csrf
```

## Usage

The CSRF protection middleware is added to H3 as a priority to inject `csrfToken()` in the `event`:

```js
import { createServer } from 'http'
import { createApp } from 'h3'
import { csurf } from '@chmking/h3-csrf'

const app = createApp()
app.use(csurf())

const server = createServer(app)
```

Further down the layers, the token can be retrieved from the `event`:

```js
handler(event: CompatibilityEvent) => {
const token = event.req.csrfToken()
}
```

### csurf([options])

Creates a middleware for token creation an validation. The middleare injects `event.req.csrfToken()` function to make a token which should be added to requests which mutate the state. This token it validated against the visitor's csrf cookie.

### Options

The `csurf` function takes an optional `Options` object that may contain the following keys:

#### verifiedMehtods?: Array\<HTTPMethod\>

A list of HTTP methods that will be verified by the CSRF middleware. Only the server endpoints corresponding to these methods will be verified.

Defaults:
```js
['PATCH', 'POST', 'PUT', 'DELETE']
```

## License

Distributed under the MIT License. See [LICENSE](LICENSE) for more information.
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"name": "@chmking/h3-csrf",
"description": "CSRF token middleware for H3",
"version": "0.1.0",
"version": "0.1.1",
"author": "Christopher King <[email protected]>",
"license": "MIT",
"main": "dist/index.js",
Expand Down

0 comments on commit 0b7b260

Please sign in to comment.