diff options
Diffstat (limited to 'vnfmarket/src/main/webapp/vnfmarket/node_modules/csrf/index.js')
-rw-r--r-- | vnfmarket/src/main/webapp/vnfmarket/node_modules/csrf/index.js | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/vnfmarket/src/main/webapp/vnfmarket/node_modules/csrf/index.js b/vnfmarket/src/main/webapp/vnfmarket/node_modules/csrf/index.js new file mode 100644 index 00000000..9b252cd3 --- /dev/null +++ b/vnfmarket/src/main/webapp/vnfmarket/node_modules/csrf/index.js @@ -0,0 +1,139 @@ +/*! + * csrf + * Copyright(c) 2014 Jonathan Ong + * Copyright(c) 2015 Douglas Christopher Wilson + * MIT Licensed + */ + +'use strict' + +/** + * Module dependencies. + * @private + */ + +var rndm = require('rndm') +var uid = require('uid-safe') +var compare = require('tsscmp') +var crypto = require('crypto') +var escape = require('base64-url').escape + +/** + * Module exports. + * @public + */ + +module.exports = Tokens + +/** + * Token generation/verification class. + * + * @param {object} [options] + * @param {number} [options.saltLength=8] The string length of the salt + * @param {number} [options.secretLength=18] The byte length of the secret key + * @public + */ + +function Tokens (options) { + if (!(this instanceof Tokens)) { + return new Tokens(options) + } + + var opts = options || {} + + var saltLength = opts.saltLength !== undefined + ? opts.saltLength + : 8 + + if (typeof saltLength !== 'number' || !isFinite(saltLength) || saltLength < 1) { + throw new TypeError('option saltLength must be finite number > 1') + } + + var secretLength = opts.secretLength !== undefined + ? opts.secretLength + : 18 + + if (typeof secretLength !== 'number' || !isFinite(secretLength) || secretLength < 1) { + throw new TypeError('option secretLength must be finite number > 1') + } + + this.saltLength = saltLength + this.secretLength = secretLength +} + +/** + * Create a new CSRF token. + * + * @param {string} secret The secret for the token. + * @public + */ + +Tokens.prototype.create = function create (secret) { + if (!secret || typeof secret !== 'string') { + throw new TypeError('argument secret is required') + } + + return this._tokenize(secret, rndm(this.saltLength)) +} + +/** + * Create a new secret key. + * + * @param {function} [callback] + * @public + */ + +Tokens.prototype.secret = function secret (callback) { + return uid(this.secretLength, callback) +} + +/** + * Create a new secret key synchronously. + * @public + */ + +Tokens.prototype.secretSync = function secretSync () { + return uid.sync(this.secretLength) +} + +/** + * Tokenize a secret and salt. + * @private + */ + +Tokens.prototype._tokenize = function tokenize (secret, salt) { + var hash = crypto + .createHash('sha1') + .update(salt + '-' + secret, 'ascii') + .digest('base64') + return escape(salt + '-' + hash) +} + +/** + * Verify if a given token is valid for a given secret. + * + * @param {string} secret + * @param {string} token + * @public + */ + +Tokens.prototype.verify = function verify (secret, token) { + if (!secret || typeof secret !== 'string') { + return false + } + + if (!token || typeof token !== 'string') { + return false + } + + var index = token.indexOf('-') + + if (index === -1) { + return false + } + + var salt = token.substr(0, index) + var expected = this._tokenize(secret, salt) + + return compare(token, expected) +} |