🤖 Merge PR DefinitelyTyped#69372 Fix types of csrf impl by @alitas

jdelStrother · Apr 16, 2024 · 80f7e6b · 80f7e6b
1 parent 7f801fd
commit 80f7e6b
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/types/lusca/index.d.ts b/types/lusca/index.d.ts
@@ -33,6 +33,8 @@ declare namespace lusca {
 
     type csrfOptions = csrfOptionsBase & csrfOptionsAngularOrNonAngular & csrfOptionsBlocklistOrAllowlist;
 
+    type csrfValidateFunction = (req: express.Request, token: unknown) => boolean;
+
     interface csrfOptionsBase {
         /**
          * The name of the CSRF token in the model.
@@ -46,7 +48,13 @@ declare namespace lusca {
         /**
          *  An object with create/validate methods for custom tokens
          */
-        impl?: (() => any) | undefined;
+        impl?: {
+            create?: (
+                req: express.Request,
+                secretKey: string,
+            ) => { secret: string; token: string; validate: csrfValidateFunction };
+            validate?: csrfValidateFunction;
+        } | undefined;
         /**
          * The name of the response header containing the CSRF token
          * @default 'x-csrf-token'

diff --git a/types/lusca/lusca-tests.ts b/types/lusca/lusca-tests.ts
@@ -17,6 +17,20 @@ app.use(lusca({
 app.use(lusca.csrf());
 app.use(lusca.csrf({ cookie: { name: "csrf" }, header: "x-csrf-token" }));
 app.use(lusca.csrf({ cookie: "csrf", angular: true }));
+app.use(
+    lusca.csrf({
+        cookie: "csrf",
+        impl: {
+            create: (req, secretKey) => ({
+                token: "token",
+                secret: "secret",
+                validate(req, token) {
+                    return true;
+                },
+            }),
+        },
+    }),
+);
 app.use(lusca.csrf({ blocklist: ["/blocklist"] }));
 app.use(lusca.csrf({ allowlist: ["/allowlist"] }));
 app.use(lusca.csp({ policy: [{ "img-src": "'self' http:" }, "block-all-mixed-content"], reportOnly: false }));