@fastify/cookie 11.0.0 → 11.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -17,7 +17,7 @@ on:
17
17
 
18
18
  jobs:
19
19
  test:
20
- uses: fastify/workflows/.github/workflows/plugins-ci.yml@v5.0.0
20
+ uses: fastify/workflows/.github/workflows/plugins-ci.yml@v5
21
21
  with:
22
22
  license-check: true
23
23
  lint: true
package/README.md CHANGED
@@ -1,32 +1,35 @@
1
1
  # @fastify/cookie
2
2
 
3
- ![CI](https://github.com/fastify/fastify-cookie/workflows/CI/badge.svg)
3
+ [![CI](https://github.com/fastify/fastify-cookie/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/fastify/fastify-cookie/actions/workflows/ci.yml)
4
4
  [![NPM version](https://img.shields.io/npm/v/@fastify/cookie.svg?style=flat)](https://www.npmjs.com/package/@fastify/cookie)
5
- [![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](https://standardjs.com/)
5
+ [![neostandard javascript style](https://img.shields.io/badge/code_style-neostandard-brightgreen?style=flat)](https://github.com/neostandard/neostandard)
6
6
 
7
7
  A plugin for [Fastify](http://fastify.dev/) that adds support for reading and
8
8
  setting cookies.
9
9
 
10
10
  This plugin's cookie parsing works via Fastify's `onRequest` hook. Therefore,
11
- you should register it prior to any other `onRequest` hooks that will depend
11
+ you should register it before any other `onRequest` hooks that will depend
12
12
  upon this plugin's actions.
13
13
 
14
14
  It is also possible to [import the low-level cookie parsing and serialization functions](#importing-serialize-and-parse).
15
15
 
16
- `@fastify/cookie` [v2.x](https://github.com/fastify/fastify-cookie/tree/v2.x)
17
- supports both Fastify@1 and Fastify@2.
18
- `@fastify/cookie` v3 only supports Fastify@2.
19
-
20
- ## Installation
16
+ ## Install
21
17
  ```sh
22
18
  npm i @fastify/cookie
23
19
  ```
24
20
 
25
- or
21
+ ### Compatibility
22
+ | Plugin version | Fastify version |
23
+ | ---------------|-----------------|
24
+ | `^10.x` | `^5.x` |
25
+ | `^7.x` | `^4.x` |
26
+ | `^4.x` | `^3.x` |
27
+ | `^2.x` | `^2.x` |
28
+ | `^1.x` | `^1.x` |
26
29
 
27
- ```sh
28
- yarn add @fastify/cookie
29
- ```
30
+ Please note that if a Fastify version is out of support, then so are the corresponding versions of this plugin
31
+ in the table above.
32
+ See [Fastify's LTS policy](https://github.com/fastify/fastify/blob/main/docs/Reference/LTS.md) for more details.
30
33
 
31
34
  ## Example
32
35
 
@@ -115,7 +118,7 @@ domain is set, and most clients will consider the cookie to apply to only the cu
115
118
 
116
119
  ##### encode
117
120
 
118
- Specifies a function that will be used to encode a cookie's value. Since value of a cookie
121
+ Specifies a function that will be used to encode a cookie's value. Since the value of a cookie
119
122
  has a limited character set (and must be a simple string), this function can be used to encode
120
123
  a value into a string suited for a cookie's value.
121
124
 
@@ -129,13 +132,13 @@ By default, no expiration is set, and most clients will consider this a "non-per
129
132
  will delete it on a condition like exiting a web browser application.
130
133
 
131
134
  **Note:** the [cookie storage model specification](https://datatracker.ietf.org/doc/html/rfc6265#section-5.3) states that if both `expires` and
132
- `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
135
+ `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients obey this,
133
136
  so if both are set, they should point to the same date and time.
134
137
 
135
138
  ##### httpOnly
136
139
 
137
140
  Specifies the `boolean` value for the [`HttpOnly` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.6). When truthy,
138
- the `HttpOnly` attribute is set, otherwise it is not. By default, the `HttpOnly` attribute is not set.
141
+ the `HttpOnly` attribute is set, otherwise, it is not. By default, the `HttpOnly` attribute is not set.
139
142
 
140
143
  **Note:** be careful when setting this to `true`, as compliant clients will not allow client-side
141
144
  JavaScript to see the cookie in `document.cookie`.
@@ -146,7 +149,7 @@ Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cook
146
149
  The given number will be converted to an integer by rounding down. By default, no maximum age is set.
147
150
 
148
151
  **Note:** the [cookie storage model specification](https://datatracker.ietf.org/doc/html/rfc6265#section-5.3) states that if both `expires` and
149
- `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
152
+ `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients obey this,
150
153
  so if both are set, they should point to the same date and time.
151
154
 
152
155
  ##### partitioned
@@ -157,7 +160,7 @@ attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not.
157
160
 
158
161
  ⚠️ **Warning:** [This is an attribute that has not yet been fully standardized](https://github.com/fastify/fastify-cookie/pull/261#issuecomment-1803234334), and may change in the future without reflecting the semver versioning. This also means many clients may ignore the attribute until they understand it.
159
162
 
160
- More information about can be found in [the proposal](https://github.com/privacycg/CHIPS).
163
+ More information about this can be found in [the proposal](https://github.com/privacycg/CHIPS).
161
164
 
162
165
 
163
166
  ##### priority
@@ -197,7 +200,7 @@ This also means many clients may ignore this attribute until they understand it.
197
200
  ##### secure
198
201
 
199
202
  Specifies the `boolean` value for the [`Secure` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.5). When truthy,
200
- the `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set.
203
+ the `Secure` attribute is set, otherwise, it is not. By default, the `Secure` attribute is not set.
201
204
 
202
205
  **Note:** be careful when setting this to `true`, as compliant clients will not send the cookie back to
203
206
  the server in the future if the browser does not have an HTTPS connection.
@@ -231,9 +234,9 @@ with a value of `'foo'` on the cookie path `/`.
231
234
  Following are _some_ of the precautions that should be taken to ensure the integrity of an application:
232
235
 
233
236
  - It's important to use `options.httpOnly` cookies to prevent attacks like XSS.
234
- - Use signed cookies (`options.signed`) to ensure they are not getting tampered with on client-side by an attacker.
237
+ - Use signed cookies (`options.signed`) to ensure they are not getting tampered wit client-side by an attacker.
235
238
  - Use `__Host-` [Cookie Prefix](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Attributes) to avoid Cookie Tossing attacks.
236
- - it's important to [use HTTPS for your website/app](https://letsencrypt.org/) to avoid a bunch of other potential security issues like [MITM](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) etc.
239
+ - It is important to [use HTTPS for your website/app](https://letsencrypt.org/) to avoid a bunch of other potential security issues like [MITM](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) etc.
237
240
 
238
241
  ### Clearing
239
242
 
@@ -244,7 +247,7 @@ on the cookie path `/`.
244
247
 
245
248
  + `name`: a string name for the cookie to be cleared
246
249
  + `options`: an options object as described in the [cookie serialize][cs]
247
- documentation. Its optional to pass `options` object
250
+ documentation. It is optional to pass an `options` object
248
251
 
249
252
  ### Manual cookie parsing
250
253
 
@@ -279,7 +282,7 @@ fastify.get('/', (req, reply) => {
279
282
  const result = reply.unsignCookie(req.cookies.myCookie)
280
283
 
281
284
  if (result.valid && result.renew) {
282
- // Setting the same cookie again, this time plugin will sign it with a new key
285
+ // Setting the same cookie again, this time the plugin will sign it with a new key
283
286
  reply.setCookie('myCookie', result.value, {
284
287
  domain: 'example.com', // same options as before
285
288
  path: '/',
@@ -317,8 +320,8 @@ fastify.register(require('@fastify/cookie'), {
317
320
  ### Manual cookie unsigning
318
321
 
319
322
  The method `unsignCookie(value)` is added to the `fastify` instance, to the `request` and the `reply` object
320
- via the Fastify `decorate`, `decorateRequest` and `decorateReply` APIs, if a secret was provided as option.
321
- Using it on a signed cookie will call the the provided signer's (or the default signer if no custom implementation is provided) `unsign` method on the cookie.
323
+ via the Fastify `decorate`, `decorateRequest`, and `decorateReply` APIs, if a secret was provided as an option.
324
+ Using it on a signed cookie will call the provided signer's (or the default signer if no custom implementation is provided) `unsign` method on the cookie.
322
325
 
323
326
  **Example:**
324
327
 
@@ -358,9 +361,9 @@ test('Request requires signed cookie', async () => {
358
361
  });
359
362
  ```
360
363
 
361
- ### Manual signing/unsigning with low level utilities
364
+ ### Manual signing/unsigning with low-level utilities
362
365
 
363
- with Signer
366
+ With Signer:
364
367
 
365
368
  ```js
366
369
  const { Signer } = require('@fastify/cookie');
@@ -370,7 +373,7 @@ const signedValue = signer.sign('test');
370
373
  const {valid, renew, value } = signer.unsign(signedValue);
371
374
  ```
372
375
 
373
- with sign/unsign utilities
376
+ With sign/unsign utilities:
374
377
 
375
378
  ```js
376
379
  const { fastifyCookie } = require('@fastify/cookie');
@@ -382,4 +385,4 @@ const unsignedvalue = fastifyCookie.unsign(signedValue, 'secret');
382
385
 
383
386
  ## License
384
387
 
385
- [MIT License](http://jsumners.mit-license.org/)
388
+ Licensed under [MIT](./LICENSE).
@@ -8,7 +8,7 @@ const secret = 'testsecret'
8
8
  const fastify = Fastify()
9
9
  fastify.register(plugin, { secret })
10
10
 
11
- fastify.get('/', (req, reply) => {
11
+ fastify.get('/', (_req, reply) => {
12
12
  reply
13
13
  .setCookie('foo', 'foo')
14
14
  .setCookie('foo', 'foo', { path: '/1' })
@@ -8,7 +8,7 @@ const secret = 'testsecret'
8
8
  const fastify = Fastify()
9
9
  fastify.register(plugin, { secret })
10
10
 
11
- fastify.get('/', (req, reply) => {
11
+ fastify.get('/', (_req, reply) => {
12
12
  reply
13
13
  .setCookie('foo', 'foo', { path: '/' })
14
14
  .send({ hello: 'world' })
@@ -0,0 +1,6 @@
1
+ 'use strict'
2
+
3
+ module.exports = require('neostandard')({
4
+ ignores: require('neostandard').resolveIgnoresFromGitignore(),
5
+ ts: true
6
+ })
package/package.json CHANGED
@@ -1,18 +1,17 @@
1
1
  {
2
2
  "name": "@fastify/cookie",
3
- "version": "11.0.0",
3
+ "version": "11.0.2",
4
4
  "description": "Plugin for fastify to add support for cookies",
5
5
  "main": "plugin.js",
6
6
  "type": "commonjs",
7
7
  "types": "types/plugin.d.ts",
8
8
  "scripts": {
9
9
  "coverage": "npm run test:unit -- --coverage-report=html",
10
- "lint": "standard | snazzy",
11
- "lint:ci": "standard",
12
- "lint:fix": "standard --fix",
10
+ "lint": "eslint",
11
+ "lint:fix": "eslint --fix",
13
12
  "test": "npm run test:unit && npm run test:typescript",
14
13
  "test:typescript": "tsd",
15
- "test:unit": "tap",
14
+ "test:unit": "c8 --100 node --test",
16
15
  "test:unit:verbose": "npm run test:unit -- -Rspec"
17
16
  },
18
17
  "precommit": [
@@ -32,6 +31,19 @@
32
31
  {
33
32
  "name": "Salman Mitha",
34
33
  "email": "SalmanMitha@gmail.com"
34
+ },
35
+ {
36
+ "name": "Matteo Collina",
37
+ "email": "hello@matteocollina.com"
38
+ },
39
+ {
40
+ "name": "Manuel Spigolon",
41
+ "email": "behemoth89@gmail.com"
42
+ },
43
+ {
44
+ "name": "Frazer Smith",
45
+ "email": "frazer.dev@icloud.com",
46
+ "url": "https://github.com/fdawgs"
35
47
  }
36
48
  ],
37
49
  "license": "MIT",
@@ -39,20 +51,29 @@
39
51
  "url": "https://github.com/fastify/fastify-cookie/issues"
40
52
  },
41
53
  "homepage": "https://github.com/fastify/fastify-cookie#readme",
54
+ "funding": [
55
+ {
56
+ "type": "github",
57
+ "url": "https://github.com/sponsors/fastify"
58
+ },
59
+ {
60
+ "type": "opencollective",
61
+ "url": "https://opencollective.com/fastify"
62
+ }
63
+ ],
42
64
  "devDependencies": {
43
65
  "@fastify/pre-commit": "^2.1.0",
44
66
  "@types/node": "^22.0.0",
45
67
  "benchmark": "^2.1.4",
68
+ "c8": "^10.1.2",
69
+ "eslint": "^9.17.0",
46
70
  "fastify": "^5.0.0",
71
+ "neostandard": "^0.12.0",
47
72
  "sinon": "^19.0.2",
48
- "snazzy": "^9.0.0",
49
- "standard": "^17.1.0",
50
- "tap": "^18.6.1",
51
73
  "tsd": "^0.31.1"
52
74
  },
53
75
  "dependencies": {
54
76
  "cookie": "^1.0.0",
55
- "cookie-signature": "^1.2.1",
56
77
  "fastify-plugin": "^5.0.0"
57
78
  },
58
79
  "tsd": {
package/plugin.js CHANGED
@@ -59,7 +59,7 @@ function parseCookies (fastify, request, reply) {
59
59
 
60
60
  function onReqHandlerWrapper (fastify, hook) {
61
61
  return hook === 'preParsing'
62
- ? function fastifyCookieHandler (fastifyReq, fastifyRes, payload, done) {
62
+ ? function fastifyCookieHandler (fastifyReq, fastifyRes, _payload, done) {
63
63
  parseCookies(fastify, fastifyReq, fastifyRes)
64
64
  done()
65
65
  }
@@ -98,7 +98,7 @@ function setCookies (reply) {
98
98
  reply[kReplySetCookies].clear()
99
99
  }
100
100
 
101
- function fastifyCookieOnSendHandler (fastifyReq, fastifyRes, payload, done) {
101
+ function fastifyCookieOnSendHandler (_fastifyReq, fastifyRes, _payload, done) {
102
102
  if (!fastifyRes[kReplySetCookies]) {
103
103
  done()
104
104
  return
package/signer.js CHANGED
@@ -36,7 +36,7 @@ function validateAlgorithm (algorithm) {
36
36
  // validate that the algorithm is supported by the node runtime
37
37
  try {
38
38
  crypto.createHmac(algorithm, crypto.randomBytes(16))
39
- } catch (e) {
39
+ } catch {
40
40
  throw new TypeError(`Algorithm ${algorithm} not supported.`)
41
41
  }
42
42
  }