From ed21021d505ff2a459d326b804c8ec1a001788ed Mon Sep 17 00:00:00 2001
From: Clark Tozer
Date: Thu, 25 Feb 2021 11:47:23 +1100
Subject: [PATCH] update docs
---
 .prettierrc | 3 +-
 README.md | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 src/index.ts | 6 ++--
 3 files changed, 84 insertions(+), 5 deletions(-)
diff --git a/.prettierrc b/.prettierrc
index 8f6ff21..0352bfe 100644
--- a/.prettierrc
+++ b/.prettierrc
@@ -3,5 +3,6 @@
 "singleQuote": false,
 "arrowParens": "avoid",
 "tabWidth": 4,
- "endOfLine": "auto"
+ "endOfLine": "auto",
+ "trailingComma": "none"
 }
diff --git a/README.md b/README.md
index b1c7a49..151007b 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,80 @@
 # type-graphql-csrf-middleware
-TypeGraphQL middleware for handling csrf tokens
+
+TypeGraphQL middleware for handling csrf tokens with an express server with express-sessions.
+
+Required Peer Dependencies:
+
+- express
+- express-session
+- crsf
+- cookie-parser
+- graphql
+- type-graphql
+
+## Installation
+
+```bash
+npm install type-graphql-csrf-middleware
+
+yarn add type-graphql-csrf-middleware
+```
+
+```bash
+import { ValidAntiForgeryToken } from "type-graphql-csrf-middleware";
+```
+
+## Getting Started
+
+Your express server will need to add a csrf token as a cookie and a csrf secret to the session.
+Below is an example express route middleware to add the tokens.
+
+```javascript
+const addCsrf = (req: Request, res: Response, next: NextFunction) => {
+ const tokens = new Tokens();
+ const secret = tokens.secretSync();
+ const token = tokens.create(secret);
+
+ res.cookie("csrfToken", token);
+ req.session.csrfSecret = secret;
+
+ next();
+};
+```
+
+## Resolver Middleware Use
+
+The type-graphql middleware needs a cookie key and a session key in order to verify the token.
+
+```javascript
+import { ValidAntiForgeryToken } from "type-graphql-csrf-middleware";
+
+@Resolver(User)
+export class UserResolver {
+ @Query(() => User)
+ @UseMiddleware(ValidAntiForgeryToken({ cookieKey: "csrfToken", secretKey: "csrfSecret" }))
+ async me(@Ctx() ctx: MyContext): Promise {
+ {...}
+ }
+}
+```
+
+The middleware can also be reusable between resolvers and resolver functions.
+
+```javascript
+import { ValidAntiForgeryToken } from "type-graphql-csrf-middleware";
+
+const Authorized = ValidAntiForgeryToken({
+ cookieKey: "csrfToken",
+ secretKey: "csrfSecret",
+ message: "Access Denied!"
+});
+
+@Resolver(User)
+export class UserResolver {
+ @Query(() => User)
+ @UseMiddleware(Authorized)
+ async me(@Ctx() ctx: MyContext): Promise {
+ {...}
+ }
+}
+```
diff --git a/src/index.ts b/src/index.ts
index 923f323..842dcdd 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -9,18 +9,18 @@ interface IContext {
 export interface ValidAntiForgeryTokenProps {
 cookieKey: string;
- sessionKey: string;
+ secretKey: string;
 message?: string;
 }
 export const ValidAntiForgeryToken = ({
 cookieKey,
 message = "Unauthorized",
- sessionKey,
+ secretKey
 }: ValidAntiForgeryTokenProps): MiddlewareFn => ({ context }, next) => {
 const tokens = new Tokens();
 const token = context.req.cookies[cookieKey];
- const secret = context.req.session[sessionKey];
+ const secret = context.req.session[secretKey];
 if (!secret || !tokens.verify(secret, token)) {
 throw new Error(message);
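Review bot: The token this middleware verifies is taken from the cookie jar (`context.req.cookies[cookieKey]`) while the secret comes from the session, and a browser attaches both cookies to a cross-site request exactly as it does to a same-origin one, so a forged request passes `tokens.verify` just like a legitimate one; the `sessionKey` → `secretKey` rename in this hunk leaves that unchanged. For the double-submit pattern the token has to reach the server through a channel an attacker's page cannot set, typically a custom header (or a mutation argument) that the client copies out of the cookie, so the lookup should become something like `const token = context.req.headers[headerKey];` with `headerKey: string;` added to `ValidAntiForgeryTokenProps` and destructured alongside `cookieKey`, and the README example adjusted to send it. Unless some upstream express middleware copies such a header into `req.cookies` (nothing in the diff suggests one), the check as written can be satisfied by any cross-origin page able to issue the request. If `Tokens` is the `csrf` package its `verify` already returns false for a missing or non-string token, so an absent header would fall through to the same `throw new Error(message)` without extra handling. The middleware's closing lines fall outside the hunk.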