aptx-api-plugin-csrf
Total installs: 14
Weekly installs: 8
Site rank: #23769
Install command:
npx skills add https://github.com/haibaraaiaptx/aptx-skill --skill aptx-api-plugin-csrf
Install distribution by agent: opencode 8, gemini-cli 8, claude-code 8, github-copilot 8, codex 8, kimi-cli 8
Skill documentation

aptx-api-plugin-csrf
When integrating the CSRF plugin, follow this procedure:

- Create the middleware with `createCsrfMiddleware({ cookieName, headerName, sameOriginOnly, getCookie })`
- Choose the configuration for your environment:
  - Browser: use the default `getCookie` (it reads `document.cookie` automatically)
  - SSR/Node: you must supply a custom `getCookie` function
- Keep `sameOriginOnly: true` (the default) so the CSRF header is not injected into cross-origin requests, where it would hand the token to another site
- Confirm that the cookie and header names agreed with the backend match; if they differ, the backend never sees the token and the protection silently does nothing
- Mount the middleware via `RequestClient.use()` or the constructor

Note: `@aptx/api-core` must also be installed as a peer dependency.
Quick reference

| Option | Type | Default | Description |
|---|---|---|---|
| cookieName | string | "XSRF-TOKEN" | Name of the CSRF cookie |
| headerName | string | "X-XSRF-TOKEN" | Name of the header the CSRF token is written to |
| sameOriginOnly | boolean | true | Attach the token only on same-origin requests |
| getCookie | (name) => string \| undefined | browser default reads document.cookie | Custom cookie reader (required for SSR) |
When the CSRF token is added:

| Scenario | Token added |
|---|---|
| Cookie present + sameOriginOnly: false | ✅ |
| Cookie present + sameOriginOnly: true + same-origin request | ✅ |
| Cookie present + sameOriginOnly: true + cross-origin request | ❌ |
| Cookie absent | ❌ |
Minimal templates

Browser environment

```javascript
import { RequestClient } from "@aptx/api-core";
import { createCsrfMiddleware } from "@aptx/api-plugin-csrf";

const client = new RequestClient({
  middlewares: [
    createCsrfMiddleware({
      cookieName: "XSRF-TOKEN",
      headerName: "X-XSRF-TOKEN",
      sameOriginOnly: true,
      // No getCookie needed in the browser: document.cookie is read automatically
    })
  ]
});
```
Progressive enhancement

```javascript
import { RequestClient } from "@aptx/api-core";
import { createCsrfMiddleware } from "@aptx/api-plugin-csrf";

const client = new RequestClient();

// Attach the middleware to an existing client instead of passing it to the constructor
client.use(createCsrfMiddleware({
  cookieName: "XSRF-TOKEN",
  headerName: "X-XSRF-TOKEN",
  sameOriginOnly: true,
}));
```
SSR/Next.js environment

```javascript
import { RequestClient } from "@aptx/api-core";
import { createCsrfMiddleware } from "@aptx/api-plugin-csrf";
import { cookies } from "next/headers";

// Only valid in server code (Server Components, route handlers, server actions).
// In Next.js 15+ cookies() returns a Promise: await the store once before building the middleware,
// because getCookie itself is synchronous.
const csrf = createCsrfMiddleware({
  cookieName: "XSRF-TOKEN",
  headerName: "X-XSRF-TOKEN",
  sameOriginOnly: true,
  getCookie: (name) => {
    const cookieStore = cookies(); // SSR must supply getCookie: document.cookie does not exist here
    return cookieStore.get(name)?.value;
  }
});

const client = new RequestClient({ middlewares: [csrf] });
```
Node.js/Express environment

```javascript
import express from "express";
import cookieParser from "cookie-parser";
import { RequestClient } from "@aptx/api-core";
import { createCsrfMiddleware } from "@aptx/api-plugin-csrf";

const app = express();
app.use(cookieParser()); // populates req.cookies; without it, parse req.headers.cookie yourself

// Cookies belong to the incoming request, so bind getCookie per request rather than at module scope
app.post("/proxy", (req, res) => {
  const csrf = createCsrfMiddleware({
    cookieName: "XSRF-TOKEN",
    headerName: "X-XSRF-TOKEN",
    sameOriginOnly: true,
    // Return the raw value: the middleware URL-decodes it itself, so decoding here would double-decode
    getCookie: (name) => req.cookies?.[name],
  });
  const client = new RequestClient({ middlewares: [csrf] });
  // ... use `client` for the backend calls made on behalf of this request
});
```
Environment adaptation notes

Environment differences

| Environment | document.cookie | window.location | Default getCookie | Default isSameOrigin |
|---|---|---|---|---|
| Browser | ✅ available | ✅ available | ✅ reads document.cookie | ✅ checks origin |
| SSR (Next.js) | ❌ undefined | ❌ undefined | ❌ custom getCookie required | ⚠️ returns true (always treated as same-origin) |
| Node.js | ❌ undefined | ❌ undefined | ❌ custom getCookie required | ⚠️ returns true (always treated as same-origin) |
Key constraints

- SSR/Node environments must supply a `getCookie` function; otherwise the middleware fails with `document is not defined`
- `getCookie` returns the raw cookie value; the middleware calls `decodeURIComponent` itself, so do not decode manually (doing so double-decodes any value containing `%`)
- The default `sameOriginOnly: true` is safe for most use cases
- The cookie value is URL-decoded and then added to the header
- In SSR/Node the default same-origin check always returns true, so a client carrying this middleware attaches the token to every request it makes; use such a client only for calls to your own backend, never for third-party APIs, or the token leaks to those hosts
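The "when the CSRF token is added" table and the key constraints above state the observable rules but not how they combine. The block below is an added, stand-alone model of those rules written for this page; it is not code from `@aptx/api-plugin-csrf`. The request shape `{ url, headers }`, the `currentOrigin` option (standing in for `window.location.origin`), the `parseCookies` helper and the sample cookie string are assumptions made here. It also exercises the Node-side rule that `getCookie` hands back the raw, still URL-encoded value and decoding happens exactly once, in the middleware.

```javascript
// Added example: a minimal model of the documented double-submit-cookie middleware rules.
// Not the plugin's code; request shape and option names beyond the documented ones are assumptions.

// Parse a raw Cookie header / document.cookie string into a name -> raw value map.
// Values stay URL-encoded on purpose: decoding happens once, inside the middleware.
function parseCookies(cookieString) {
  const out = {};
  for (const part of (cookieString || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (name) out[name] = part.slice(idx + 1).trim();
  }
  return out;
}

// Same origin means scheme, host and port all match; a relative URL resolves against the page origin.
// Anything unparsable is treated as cross-origin, so the token is withheld rather than leaked.
function isSameOrigin(requestUrl, pageOrigin) {
  try {
    return new URL(requestUrl, pageOrigin).origin === pageOrigin;
  } catch {
    return false;
  }
}

function createCsrfMiddleware({
  cookieName = "XSRF-TOKEN",
  headerName = "X-XSRF-TOKEN",
  sameOriginOnly = true,
  getCookie,
  currentOrigin, // assumption: browser code would take this from window.location.origin
} = {}) {
  return function csrfMiddleware(request) {
    const raw = getCookie(cookieName);
    if (raw === undefined || raw === "") return request; // no cookie: nothing to add
    if (sameOriginOnly && !isSameOrigin(request.url, currentOrigin)) return request; // never send the token cross-origin
    return {
      ...request,
      headers: { ...request.headers, [headerName]: decodeURIComponent(raw) }, // decode exactly once
    };
  };
}

// Walks the four rows of the decision table with constructed inputs and returns the header value per row.
function decisionTable() {
  const cookieJar = "theme=dark; XSRF-TOKEN=abc%2F123%3D"; // constructed sample document.cookie
  const getCookie = (name) => parseCookies(cookieJar)[name];
  const noCookie = () => undefined;
  const origin = "https://app.example.com";
  const run = (opts, url) => {
    const req = createCsrfMiddleware({ ...opts, currentOrigin: origin })({ url, headers: {} });
    return req.headers["X-XSRF-TOKEN"] ?? null;
  };
  return {
    anyOriginWhenDisabled: run({ sameOriginOnly: false, getCookie }, "https://other.example/api"),
    sameOrigin: run({ sameOriginOnly: true, getCookie }, "/api/transfer"),
    crossOrigin: run({ sameOriginOnly: true, getCookie }, "https://other.example/api"),
    noCookie: run({ sameOriginOnly: true, getCookie: noCookie }, "/api/transfer"),
  };
}
```

The Node caveat from the environment table falls out of this model directly: with no `currentOrigin` to compare against, a server-side client has to either pass its own origin or drop `sameOriginOnly` and accept that every outbound request carries the token.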
Detailed documentation

| Document | Contents |
|---|---|
| API Details | Full API reference, configuration options in depth, default implementations |
| Environment Adaptation | Detailed adaptation guide for browser/SSR/Node environments |
| Testing Guide | Testing strategy and example test code |
| Troubleshooting | Common problems, fault diagnosis, debugging tips |