### Install @fastify/csrf Source: https://github.com/fastify/csrf/blob/main/README.md Install the CSRF module using npm. ```sh npm i @fastify/csrf ``` -------------------------------- ### Initialize CSRF Tokens Source: https://github.com/fastify/csrf/blob/main/README.md Import and create a new instance of the Tokens class. Options can be provided to customize token generation. ```js const Tokens = require('@fastify/csrf') ``` -------------------------------- ### new Tokens([options]) Source: https://github.com/fastify/csrf/blob/main/README.md Creates a new instance for CSRF token generation and verification. Options can be provided to customize the token generation process. ```APIDOC ## new Tokens([options]) ### Description Create a new token generation/verification instance. The `options` argument is optional and will just use all defaults if missing. ### Options Tokens accept these properties in the options object. ##### algorithm The hash-algorithm to generate the token. Defaults to `sha256`. ##### saltLength The length of the internal salt to use, in characters. Internally, the salt is a base 62 string. Defaults to `8` characters. ##### secretLength The length of the secret to generate, in bytes. Note that the secret is passed around base-64 encoded and that this length refers to the underlying bytes, not the length of the base-64 string. Defaults to `18` bytes. ##### userInfo Require user-specific information in `tokens.create()` and `tokens.verify()`. ##### hmacKey When set, the `hmacKey` is used to generate the cryptographic HMAC hash instead of the default hash function. ##### validity The maximum validity of the token to generate, in milliseconds. Note that the epoch is passed around base-36 encoded. Defaults to `0` milliseconds (disabled). ``` -------------------------------- ### tokens.secretSync() Source: https://github.com/fastify/csrf/blob/main/README.md Synchronously generates a new secret string. Use this when asynchronous operations are not desired or possible. ```APIDOC ## tokens.secretSync() ### Description A synchronous version of `tokens.secret(callback)`. Please see `tokens.secret(callback)` documentation for full details. ### Request Example ```js const secret = tokens.secretSync() ``` ``` -------------------------------- ### Generate Secret Asynchronously with Promises Source: https://github.com/fastify/csrf/blob/main/README.md Asynchronously generate a secret string using Promises. This is an alternative to the callback-based approach and requires a Promise polyfill for Node.js versions prior to 0.12. ```js tokens.secret().then(function (secret) { // Do something with the secret }) ``` -------------------------------- ### tokens.create(secret[, userInfo]) Source: https://github.com/fastify/csrf/blob/main/README.md Generates a CSRF token associated with a given secret. This token should be included in forms and sent back by the client. ```APIDOC ## tokens.create(secret[, userInfo]) ### Description Create a new CSRF token attached to the given `secret`. The `secret` is a string, typically generated from the `tokens.secret()` or `tokens.secretSync()` methods. This token is what you should add into HTML `