Psifi-Solutions / csrf-csrf

A utility package to help implement stateless CSRF protection using the Double Submit Cookie Pattern in express.

Fix: Changes in DoubleCsrfConfig interface related to optional keys #49

Closed bkvishe closed 7 months ago

bkvishe commented 9 months ago

Made modifications to the DoubleCsrfConfig interface, indicating keys as optional based on the documentation where they are proposed as optional and have default values.

psibean commented 9 months ago

This isn't quite right.

DoubleCsrfConfig should be a type which reflects the configuration options where all of the options that have default values should be required and are not undefined.

You'll find that the DoubleCsrfConfigOptions is what is used to type the actual parameter of the doubleCsrfProtection function. These are the "options" you can (but don't have to) provide to the config. The former type is just the final expected structure of the config, where those properties are 100% expected to be there, regardless of whether or not they were passed in.

This type exists:

export type DoubleCsrfConfigOptions = Partial<DoubleCsrfConfig> & {
  getSecret: CsrfSecretRetriever;
};

The types allow you to differentiate between what needs to be passed in (argument type) vs what the object is regardless of what is passed in (argument type merged with defaults).
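The split between argument type and resolved type described in the comment above, as an added TypeScript example that is not the project's code. The field names, default values, and the helpers `resolveConfig` and `naiveResolve` are assumptions for illustration. The example also covers a case the thread does not mention, a key passed explicitly as `undefined`.

```typescript
// Simplified stand-ins for the types in the thread. Field names and default
// values are assumptions for illustration, not the package's definitions.
type CsrfSecretRetriever = (req?: unknown) => string;

// Resolved config: every option that has a default is required here.
type DoubleCsrfConfig = {
  getSecret: CsrfSecretRetriever;
  cookieName: string;
  size: number;
  ignoredMethods: string[];
};

// Argument type as quoted in the thread: all optional except getSecret.
type DoubleCsrfConfigOptions = Partial<DoubleCsrfConfig> & {
  getSecret: CsrfSecretRetriever;
};

const DEFAULTS: Omit<DoubleCsrfConfig, "getSecret"> = {
  cookieName: "example.x-csrf-token", // constructed value
  size: 64,
  ignoredMethods: ["GET", "HEAD", "OPTIONS"],
};

// Hypothetical helper: argument type in, resolved type out. `??` falls back
// to the default for omitted keys and for keys passed as undefined.
function resolveConfig(options: DoubleCsrfConfigOptions): DoubleCsrfConfig {
  return {
    getSecret: options.getSecret,
    cookieName: options.cookieName ?? DEFAULTS.cookieName,
    size: options.size ?? DEFAULTS.size,
    ignoredMethods: options.ignoredMethods ?? [...DEFAULTS.ignoredMethods],
  };
}

// Naive merge for contrast: a key passed as undefined overwrites its default,
// so the value no longer matches the asserted DoubleCsrfConfig type.
function naiveResolve(options: DoubleCsrfConfigOptions): DoubleCsrfConfig {
  return { ...DEFAULTS, ...options } as DoubleCsrfConfig;
}
```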

psibean commented 7 months ago

Closing this as the optional and partial types are available / existing and this PR is changing a type that is correct / intentional.