npm-tokenator
Tokenator is a simple NPM module that decorates specific HTML forms with tokens from an external API for CSRF requests.
Installation and Use
npm i --save @rsc/tokenatorTo call this, simply require the module, and initialize it:
import tokenate from "@rsc/tokenator";
document.addEventListener("DOMContentLoaded", () => {
tokenate(
"https://form-action-that-requires-tokens",
"https://uri-to-request-a-token"
);
});Tokenator expects to be able to retieve a token via a simple GET request to an endpoint. If successful, return a 200 status with the following response:
{
"token": "Some unique token that will be checked by the form processor"
}Tokenator receives that token and inserts it into the form via a hidden input element, e.g.,:
<form action="https://form-action-that-requires-tokens" method="post">
<input type="text" name="name" placeholder="Your Name" />
<input type="text" name="email" placeholder="Email" />
<textarea name="question" placeholder="Your question..."></textarea>
<button type="submit">Contact Us</button>
<!-- This is inserted by tokenator! -->
<input
type="hidden"
name="token"
value="Some unique token that will be checked by the form processor"
/>
</form>Everything else, such as a token validation error, is intended to be handled by you, the consumer of this script.
Testing
Testing is accomplished with Jest and jsdom
cd npm-tokenator
npm install
npm run test