Tox1469/csrf-token

GitHub: Tox1469/csrf-token

An HMAC-SHA256-based tool for generating and verifying CSRF tokens, addressing token consistency and security in cross-site request forgery protection.


# csrf-token

Generation and verification of HMAC-SHA256 CSRF tokens.

## Installation

```
npm install csrf-token
```

## Usage

```
import { createToken, verifyToken } from 'csrf-token';

// Issue a token for the current session
const token = createToken(process.env.SECRET!, sessionId);
// Verify a submitted token against the same secret and session
const ok = verifyToken(token, process.env.SECRET!, sessionId);
```

## API

- `createToken(secret, sessionId)`: generates nonce + HMAC.
- `verifyToken(token, secret, sessionId)`: returns a boolean.

## Security

Use together with SameSite=Lax/Strict cookies. Compare in constant time.

## License

MIT
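The scheme the API and Security notes describe (a random nonce plus an HMAC-SHA256 tied to the session, checked in constant time), sketched with Node's built-in `crypto` module. This is an added example, not the package's source; the `<nonce>.<mac>` token layout and the names `issueCsrfToken` / `checkCsrfToken` are assumptions.

```javascript
// Added illustration, not the csrf-token package's code. The "<nonce>.<mac>"
// layout and the function names below are assumptions made for this sketch.
const crypto = require('node:crypto');

// HMAC-SHA256 over "<nonce>:<sessionId>". The nonce is fixed-length hex,
// so the ':' boundary between the two fields is unambiguous.
function mac(secret, nonce, sessionId) {
  return crypto.createHmac('sha256', secret)
    .update(`${nonce}:${sessionId}`)
    .digest();
}

// 128-bit random nonce followed by the MAC that binds it to this session.
function issueCsrfToken(secret, sessionId) {
  const nonce = crypto.randomBytes(16).toString('hex');
  return `${nonce}.${mac(secret, nonce, sessionId).toString('hex')}`;
}

function checkCsrfToken(token, secret, sessionId) {
  if (typeof token !== 'string') return false;
  const parts = token.split('.');
  if (parts.length !== 2) return false;
  const [nonce, macHex] = parts;
  // Strict shape check: 32 hex chars of nonce, 64 hex chars of MAC.
  if (!/^[0-9a-f]{32}$/.test(nonce) || !/^[0-9a-f]{64}$/.test(macHex)) {
    return false;
  }
  const given = Buffer.from(macHex, 'hex');
  const expected = mac(secret, nonce, sessionId);
  // timingSafeEqual throws on unequal lengths; the shape check above
  // guarantees both buffers are 32 bytes, so the compare is constant-time.
  return crypto.timingSafeEqual(given, expected);
}

// Constructed sample values for a quick run.
const SAMPLE_SECRET = 'constructed-demo-secret';
const sampleToken = issueCsrfToken(SAMPLE_SECRET, 'session-A');
console.log(checkCsrfToken(sampleToken, SAMPLE_SECRET, 'session-A')); // true
console.log(checkCsrfToken(sampleToken, SAMPLE_SECRET, 'session-B')); // false
```

A token issued for one session fails verification under any other session id, and malformed or truncated input is rejected before the comparison runs.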