/** * CSRF Protection Types * Defines interfaces and types for CSRF protection functionality */ export interface CSRFConfig { /** Secret key for token generation */ secret: string; /** Token expiration time in milliseconds (default: 1 hour) */ tokenExpiry?: number; /** Cookie name for double-submit pattern */ cookieName?: string; /** Header name for CSRF token */ headerName?: string; /** Form field name for CSRF token */ fieldName?: string; /** Whether to use secure cookies */ secureCookie?: boolean; /** Whether to use httpOnly cookies */ httpOnlyCookie?: boolean; /** SameSite cookie attribute */ sameSite?: 'strict' | 'lax' | 'none'; } export interface CSRFToken { /** The token value */ value: string; /** Token expiration timestamp */ expiresAt: number; /** Session ID associated with the token */ sessionId: string; } export interface CSRFValidationResult { /** Whether the token is valid */ valid: boolean; /** Error message if validation failed */ error?: string; /** Whether the token has expired */ expired?: boolean; } export interface CSRFSession { /** Session identifier */ id: string; /** Active tokens for this session */ tokens: Map; /** Session creation timestamp */ createdAt: number; /** Last activity timestamp */ lastActivity: number; } export interface CSRFRequest { /** Request headers */ headers: Record; /** Request body (for form data) */ body?: any; /** Request cookies */ cookies?: Record; /** Session ID */ sessionId?: string; } export interface CSRFResponse { /** Response headers to set */ headers: Record; /** Cookies to set */ cookies: Array<{ name: string; value: string; options: { httpOnly?: boolean; secure?: boolean; sameSite?: 'strict' | 'lax' | 'none'; maxAge?: number; path?: string; }; }>; } //# sourceMappingURL=types.d.ts.map