Kitty

Overview

KittyKitty is a collection of utilities for SvelteKit that includes libraries and handlers for developing secure frontend apps. It features encrypted server-side sessions and provides mitigations against CSRF attacks for forms submitted to the server.

Features

• Encrypted server-side sessions: KittyKitty encrypts the session data stored in the event.locals.session object and persists it as cookies on the client via the Set-Cookie response header.
• CSRF mitigations: KittyKitty provides support for generating and verifying CSRF tokens for forms submitted to the server. It enforces CSRF mitigations for all requests except those with the GET, HEAD, OPTIONS, and TRACE methods.
• Handlers: KittyKitty provides several handlers including decryptSession, disableCache, encryptSession, filterRequestMethods, and verifyCsrfToken.

Installation

To install KittyKitty, follow these steps:

1. Install via NPM:

npm install kittykitty

2. Set compilerOptions.moduleResolution to ‘bundler’, ’node16’, or ’nodenext’ in tsconfig.json. This step prevents an error. For more information, refer to the official documentation.
3. Set up vite.config.js as follows:

// Add required configuration for KittyKitty

4. Update src/hooks.server.ts file to include the required contents.
5. Add the necessary details to the .env file, including a secure secret key. You can generate a key using the command tr -cd '\[:alnum:]' < /dev/random | fold -w32 | head -n1.
6. Set secure permissions for the .env file using chmod 0600 .env.
7. Add types to src/app.d.ts for session-related functionalities.

Summary

KittyKitty is a utility collection for SvelteKit that provides features such as encrypted server-side sessions and CSRF mitigations. It includes several handlers and components to enhance the development of secure frontend apps. To install KittyKitty, follow the installation guide, which involves setting up the necessary configurations and adding required files.