Skip to content

Commit

Permalink
style: run check:fix
Browse files Browse the repository at this point in the history
  • Loading branch information
Lordfirespeed committed Aug 24, 2024
1 parent 6192cc6 commit 8781d5f
Show file tree
Hide file tree
Showing 4 changed files with 30 additions and 25 deletions.
19 changes: 7 additions & 12 deletions src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,28 +8,23 @@ import type {
CsrfTokenAndHashPairValidator,
CsrfTokenCreator,
DoubleCsrfConfig,
DoubleCsrfProtection,
DoubleCsrfUtilities,
GenerateCsrfTokenConfig,
RequestMethod,
ResolvedCSRFCookieOptions,
DoubleCsrfProtection,
} from "./types"

function setSecretCookie<
Request extends CSRFRequest = CSRFRequest,
Response extends CSRFResponse<Request> = CSRFResponse<Request>
>(
req: Request,
res: Response,
secret: string,
{ name, ...options }: ResolvedCSRFCookieOptions,
): void {
Response extends CSRFResponse<Request> = CSRFResponse<Request>,
>(req: Request, res: Response, secret: string, { name, ...options }: ResolvedCSRFCookieOptions): void {
res.cookie(name, secret, options)
}

export function doubleCsrf<
Request extends CSRFRequest = CSRFRequest,
Response extends CSRFResponse<Request> = CSRFResponse<Request>
Response extends CSRFResponse<Request> = CSRFResponse<Request>,
>({
getSecret,
getSessionIdentifier,
Expand Down Expand Up @@ -163,11 +158,11 @@ export function doubleCsrf<

return (
csrfTokenFromCookie === csrfTokenFromRequest &&
await validateTokenAndHashPair(req, res, {
(await validateTokenAndHashPair(req, res, {
incomingToken: csrfTokenFromRequest,
incomingHash: csrfTokenHash,
possibleSecrets,
})
}))
)
}

Expand All @@ -176,7 +171,7 @@ export function doubleCsrf<
next()
return
}
if (!await validateRequest(req, res)) {
if (!(await validateRequest(req, res))) {
throw invalidCsrfTokenError
}
next()
Expand Down
16 changes: 8 additions & 8 deletions src/types.ts
Original file line number Diff line number Diff line change
Expand Up @@ -27,25 +27,25 @@ export type ResolvedCSRFCookieOptions = SerializeOptions & Required<ExtraCookieO

export type TokenRetriever<
Request extends CSRFRequest = CSRFRequest,
Response extends CSRFResponse<Request> = CSRFResponse<Request>
Response extends CSRFResponse<Request> = CSRFResponse<Request>,
> = (req: Request, res: Response) => string | null | undefined | Promise<string | null | undefined>
export type CsrfSecretRetriever<
Request extends CSRFRequest = CSRFRequest,
Response extends CSRFResponse<Request> = CSRFResponse<Request>
Response extends CSRFResponse<Request> = CSRFResponse<Request>,
> = (req: Request, res: Response) => string | Array<string> | Promise<string | Array<string>>
export type DoubleCsrfProtection<
Request extends CSRFRequest = CSRFRequest,
Response extends CSRFResponse<Request> = CSRFResponse<Request>
Response extends CSRFResponse<Request> = CSRFResponse<Request>,
> = (req: Request, res: Response, next: NextFunction) => Promise<void>
export type RequestMethod = "GET" | "HEAD" | "PATCH" | "PUT" | "POST" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE"
export type CsrfIgnoredMethods = Array<RequestMethod>
export type CsrfRequestValidator<
Request extends CSRFRequest = CSRFRequest,
Response extends CSRFResponse<Request> = CSRFResponse<Request>
Response extends CSRFResponse<Request> = CSRFResponse<Request>,
> = (req: Request, res: Response) => Promise<boolean>
export type CsrfTokenAndHashPairValidator<
Request extends CSRFRequest = CSRFRequest,
Response extends CSRFResponse<Request> = CSRFResponse<Request>
Response extends CSRFResponse<Request> = CSRFResponse<Request>,
> = (
req: Request,
res: Response,
Expand All @@ -61,7 +61,7 @@ export type CsrfTokenAndHashPairValidator<
) => Promise<boolean>
export type CsrfTokenCreator<
Request extends CSRFRequest = CSRFRequest,
Response extends CSRFResponse<Request> = CSRFResponse<Request>
Response extends CSRFResponse<Request> = CSRFResponse<Request>,
> = (req: Request, res: Response, options?: GenerateCsrfTokenOptions) => Promise<string>
export type CsrfErrorConfig = {
statusCode: keyof typeof statusMessages
Expand All @@ -77,7 +77,7 @@ export type GenerateCsrfTokenConfig = {
export type GenerateCsrfTokenOptions = Partial<GenerateCsrfTokenConfig>
export type DoubleCsrfConfig<
Request extends CSRFRequest = CSRFRequest,
Response extends CSRFResponse<Request> = CSRFResponse<Request>
Response extends CSRFResponse<Request> = CSRFResponse<Request>,
> = {
/**
* A function that returns a secret or an array of secrets.
Expand Down Expand Up @@ -158,7 +158,7 @@ export type DoubleCsrfConfig<

export interface DoubleCsrfUtilities<
Request extends CSRFRequest = CSRFRequest,
Response extends CSRFResponse<Request> = CSRFResponse<Request>
Response extends CSRFResponse<Request> = CSRFResponse<Request>,
> {
/**
* The error that will be thrown if a request is invalid.
Expand Down
4 changes: 2 additions & 2 deletions tests/doublecsrf.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -68,11 +68,11 @@ describe("csrf-csrf token-rotation", () => {
})

return {
...await generateMocksWithToken({
...(await generateMocksWithToken({
cookieName,
generateToken,
validateRequest,
}),
})),
validateRequest,
generateToken,
}
Expand Down
16 changes: 13 additions & 3 deletions tests/testsuite.ts
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,12 @@ export const createTestSuite: CreateTestSuite = (name, doubleCsrfOptions) => {
})

it("should reuse a csrf token if a csrf cookie is already present, and overwrite is set to false", async () => {
const { mockRequest, mockResponse, csrfToken, cookieValue: oldCookieValue } = await generateMocksWithTokenInternal()
const {
mockRequest,
mockResponse,
csrfToken,
cookieValue: oldCookieValue,
} = await generateMocksWithTokenInternal()

// reset the mock response to have no cookies (in reality this would just be a new instance of Response)
mockResponse.setHeader("set-cookie", [])
Expand All @@ -87,7 +92,12 @@ export const createTestSuite: CreateTestSuite = (name, doubleCsrfOptions) => {
})

it("should generate a new token even if a csrf cookie is already present, if overwrite is set to true", async () => {
const { mockRequest, mockResponse, csrfToken, cookieValue: oldCookieValue } = await generateMocksWithTokenInternal()
const {
mockRequest,
mockResponse,
csrfToken,
cookieValue: oldCookieValue,
} = await generateMocksWithTokenInternal()

// reset the mock response to have no cookies (in reality this would just be a new instance of Response)
mockResponse.setHeader("set-cookie", [])
Expand Down Expand Up @@ -145,7 +155,7 @@ export const createTestSuite: CreateTestSuite = (name, doubleCsrfOptions) => {
async function runGenerateToken() {
generatedToken = await generateToken(mockRequest, mockResponse, {
overwrite: false,
validateOnReuse: false
validateOnReuse: false,
})
}

Expand Down

0 comments on commit 8781d5f

Please sign in to comment.