diff --git a/src/index.ts b/src/index.ts index d23553b..464f4f8 100644 --- a/src/index.ts +++ b/src/index.ts @@ -8,28 +8,23 @@ import type { CsrfTokenAndHashPairValidator, CsrfTokenCreator, DoubleCsrfConfig, + DoubleCsrfProtection, DoubleCsrfUtilities, GenerateCsrfTokenConfig, RequestMethod, ResolvedCSRFCookieOptions, - DoubleCsrfProtection, } from "./types" function setSecretCookie< Request extends CSRFRequest = CSRFRequest, - Response extends CSRFResponse = CSRFResponse ->( - req: Request, - res: Response, - secret: string, - { name, ...options }: ResolvedCSRFCookieOptions, -): void { + Response extends CSRFResponse = CSRFResponse, +>(req: Request, res: Response, secret: string, { name, ...options }: ResolvedCSRFCookieOptions): void { res.cookie(name, secret, options) } export function doubleCsrf< Request extends CSRFRequest = CSRFRequest, - Response extends CSRFResponse = CSRFResponse + Response extends CSRFResponse = CSRFResponse, >({ getSecret, getSessionIdentifier, @@ -163,11 +158,11 @@ export function doubleCsrf< return ( csrfTokenFromCookie === csrfTokenFromRequest && - await validateTokenAndHashPair(req, res, { + (await validateTokenAndHashPair(req, res, { incomingToken: csrfTokenFromRequest, incomingHash: csrfTokenHash, possibleSecrets, - }) + })) ) } @@ -176,7 +171,7 @@ export function doubleCsrf< next() return } - if (!await validateRequest(req, res)) { + if (!(await validateRequest(req, res))) { throw invalidCsrfTokenError } next() diff --git a/src/types.ts b/src/types.ts index d748297..0fb920b 100644 --- a/src/types.ts +++ b/src/types.ts 
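Review bot: The return expression reformatted in the `@@ -163,11 +158,11 @@` hunk is the core of the request check, yet nothing explains why both halves are required. I would add above it `// Double-submit check: cookie and request token must match, and the pair must also verify against a current secret.` so a later edit does not drop the `validateTokenAndHashPair` call as redundant. The `===` compares two request-supplied values, so a constant-time comparison presumably matters inside `validateTokenAndHashPair` rather than here; that function is not visible. The enclosing function starts outside the hunk.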
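Review bot: The `throw invalidCsrfTokenError` in the `@@ -176,7 +171,7 @@` hunk becomes a rejected promise, because the middleware awaits `validateRequest` and `DoubleCsrfProtection` is typed as returning a Promise. If the host framework does not handle rejections from middleware, a failed CSRF check surfaces as an unhandled rejection instead of reaching the error handler. The request still never reaches `next()`, so this is an error-handling gap rather than a bypass. Consider `next(invalidCsrfTokenError)` followed by `return`, and forward a rejection from `validateRequest` the same way. The middleware body starts outside the hunk, so an enclosing try/catch may already exist.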
@@ -27,25 +27,25 @@ export type ResolvedCSRFCookieOptions = SerializeOptions & Required = CSRFResponse + Response extends CSRFResponse = CSRFResponse, > = (req: Request, res: Response) => string | null | undefined | Promise export type CsrfSecretRetriever< Request extends CSRFRequest = CSRFRequest, - Response extends CSRFResponse = CSRFResponse + Response extends CSRFResponse = CSRFResponse, > = (req: Request, res: Response) => string | Array | Promise> export type DoubleCsrfProtection< Request extends CSRFRequest = CSRFRequest, - Response extends CSRFResponse = CSRFResponse + Response extends CSRFResponse = CSRFResponse, > = (req: Request, res: Response, next: NextFunction) => Promise export type RequestMethod = "GET" | "HEAD" | "PATCH" | "PUT" | "POST" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE" export type CsrfIgnoredMethods = Array export type CsrfRequestValidator< Request extends CSRFRequest = CSRFRequest, - Response extends CSRFResponse = CSRFResponse + Response extends CSRFResponse = CSRFResponse, > = (req: Request, res: Response) => Promise export type CsrfTokenAndHashPairValidator< Request extends CSRFRequest = CSRFRequest, - Response extends CSRFResponse = CSRFResponse + Response extends CSRFResponse = CSRFResponse, > = ( req: Request, res: Response, @@ -61,7 +61,7 @@ export type CsrfTokenAndHashPairValidator< ) => Promise export type CsrfTokenCreator< Request extends CSRFRequest = CSRFRequest, - Response extends CSRFResponse = CSRFResponse + Response extends CSRFResponse = CSRFResponse, > = (req: Request, res: Response, options?: GenerateCsrfTokenOptions) => Promise export type CsrfErrorConfig = { statusCode: keyof typeof statusMessages 
@@ -77,7 +77,7 @@ export type GenerateCsrfTokenConfig = { export type GenerateCsrfTokenOptions = Partial export type DoubleCsrfConfig< Request extends CSRFRequest = CSRFRequest, - Response extends CSRFResponse = CSRFResponse + Response extends CSRFResponse = CSRFResponse, > = { /** * A function that returns a secret or an array of secrets. @@ -158,7 +158,7 @@ export type DoubleCsrfConfig< export interface DoubleCsrfUtilities< Request extends CSRFRequest = CSRFRequest, - Response extends CSRFResponse = CSRFResponse + Response extends CSRFResponse = CSRFResponse, > { /** * The error that will be thrown if a request is invalid. diff --git a/tests/doublecsrf.test.ts b/tests/doublecsrf.test.ts index 98e66b7..a56fad5 100644 --- a/tests/doublecsrf.test.ts +++ b/tests/doublecsrf.test.ts @@ -68,11 +68,11 @@ describe("csrf-csrf token-rotation", () => { }) return { - ...await generateMocksWithToken({ + ...(await generateMocksWithToken({ cookieName, generateToken, validateRequest, - }), + })), validateRequest, generateToken, } diff --git a/tests/testsuite.ts b/tests/testsuite.ts index 1c36d1e..279c5a5 100644 --- a/tests/testsuite.ts +++ b/tests/testsuite.ts @@ -73,7 +73,12 @@ export const createTestSuite: CreateTestSuite = (name, doubleCsrfOptions) => { }) it("should reuse a csrf token if a csrf cookie is already present, and overwrite is set to false", async () => { - const { mockRequest, mockResponse, csrfToken, cookieValue: oldCookieValue } = await generateMocksWithTokenInternal() + const { + mockRequest, + mockResponse, + csrfToken, + cookieValue: oldCookieValue, + } = await generateMocksWithTokenInternal() // reset the mock response to have no cookies (in reality this would just be a new instance of Response) mockResponse.setHeader("set-cookie", []) 
@@ -87,7 +92,12 @@ export const createTestSuite: CreateTestSuite = (name, doubleCsrfOptions) => { }) it("should generate a new token even if a csrf cookie is already present, if overwrite is set to true", async () => { - const { mockRequest, mockResponse, csrfToken, cookieValue: oldCookieValue } = await generateMocksWithTokenInternal() + const { + mockRequest, + mockResponse, + csrfToken, + cookieValue: oldCookieValue, + } = await generateMocksWithTokenInternal() // reset the mock response to have no cookies (in reality this would just be a new instance of Response) mockResponse.setHeader("set-cookie", []) @@ -145,7 +155,7 @@ export const createTestSuite: CreateTestSuite = (name, doubleCsrfOptions) => { async function runGenerateToken() { generatedToken = await generateToken(mockRequest, mockResponse, { overwrite: false, - validateOnReuse: false + validateOnReuse: false, }) }