@fastify/cookie 7.2.0 → 7.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -99,7 +99,8 @@ with a value of `'foo'` on the cookie path `/`.
99
99
  + `name`: a string name for the cookie to be set
100
100
  + `value`: a string value for the cookie
101
101
  + `options`: an options object as described in the [cookie serialize][cs] documentation
102
- with a extra param "signed" for signed cookie
102
+ + `options.signed`: the cookie should be signed
103
+ + `options.secure`: if set to `true` it will set the Secure-flag. If it is set to `"auto"` Secure-flag is set when the connection is using tls.
103
104
 
104
105
  #### Securing the cookie
105
106
 
@@ -238,9 +239,9 @@ test('Request requires signed cookie', async () => {
238
239
  with signerFactory
239
240
 
240
241
  ```js
241
- const { signerFactory } = require('@fastify/cookie');
242
+ const { fastifyCookie } = require('@fastify/cookie');
242
243
 
243
- const signer = signerFactory('secret');
244
+ const signer = fastifyCookie.signerFactory('secret');
244
245
  const signedValue = signer.sign('test');
245
246
  const {valid, renew, value } = signer.unsign(signedValue);
246
247
  ```
@@ -248,10 +249,10 @@ const {valid, renew, value } = signer.unsign(signedValue);
248
249
  with sign/unsign utilities
249
250
 
250
251
  ```js
251
- const { sign, unsign } = require('@fastify/cookie');
252
+ const { fastifyCookie } = require('@fastify/cookie');
252
253
 
253
- const signedValue = sign('test', 'secret');
254
- const unsignedvalue = unsign(signedValue, 'secret');
254
+ const signedValue = fastifyCookie.sign('test', 'secret');
255
+ const unsignedvalue = fastifyCookie.unsign(signedValue, 'secret');
255
256
  ```
256
257
 
257
258
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@fastify/cookie",
3
- "version": "7.2.0",
3
+ "version": "7.3.0",
4
4
  "description": "Plugin for fastify to add support for cookies",
5
5
  "main": "plugin.js",
6
6
  "types": "plugin.d.ts",
@@ -52,7 +52,7 @@
52
52
  "dependencies": {
53
53
  "cookie": "^0.5.0",
54
54
  "cookie-signature": "^1.1.0",
55
- "fastify-plugin": "^3.0.1"
55
+ "fastify-plugin": "^4.0.0"
56
56
  },
57
57
  "tsd": {
58
58
  "directory": "test"
package/plugin.d.ts CHANGED
@@ -99,11 +99,11 @@ export interface CookieSerializeOptions {
99
99
  path?: string;
100
100
  priority?: 'low' | 'medium' | 'high';
101
101
  sameSite?: boolean | 'lax' | 'strict' | 'none';
102
- secure?: boolean;
102
+ secure?: boolean | 'auto';
103
103
  signed?: boolean;
104
104
  }
105
105
 
106
- interface Signer {
106
+ export interface Signer {
107
107
  sign: (input: string) => string;
108
108
  unsign: (input: string) => {
109
109
  valid: boolean;
@@ -112,16 +112,22 @@ interface Signer {
112
112
  };
113
113
  }
114
114
 
115
- declare const signerFactory: Signer;
116
- declare const sign: (value: string, secret: string) => string;
117
- declare const unsign: (input: string, secret: string) => string | false;
118
-
119
115
  export interface FastifyCookieOptions {
120
116
  secret?: string | string[] | Signer;
121
117
  parseOptions?: CookieSerializeOptions;
122
118
  }
123
119
 
124
- declare const fastifyCookie: FastifyPluginCallback<NonNullable<FastifyCookieOptions>>;
120
+ export type Sign = (value: string, secret: string) => string;
121
+ export type Unsign = (input: string, secret: string) => string | false;
122
+ export type SignerFactory = (secret: string) => Signer;
123
+
124
+ export interface FastifyCookie extends FastifyPluginCallback<NonNullable<FastifyCookieOptions>>{
125
+ signerFactory: SignerFactory;
126
+ sign: Sign;
127
+ unsign: Unsign;
128
+ }
129
+
130
+ declare const fastifyCookie: FastifyCookie;
125
131
 
126
132
  export default fastifyCookie;
127
- export { fastifyCookie, signerFactory, sign, unsign };
133
+ export { fastifyCookie };
package/plugin.js CHANGED
@@ -16,6 +16,15 @@ function fastifyCookieSetCookie (reply, name, value, options, signer) {
16
16
  value = signer.sign(value)
17
17
  }
18
18
 
19
+ if (opts.secure === 'auto') {
20
+ if (isConnectionSecure(reply.request)) {
21
+ opts.secure = true
22
+ } else {
23
+ opts.sameSite = 'lax'
24
+ opts.secure = false
25
+ }
26
+ }
27
+
19
28
  const serialized = cookie.serialize(name, value, opts)
20
29
  let setCookie = reply.getHeader('Set-Cookie')
21
30
  if (!setCookie) {
@@ -96,6 +105,13 @@ function plugin (fastify, options, next) {
96
105
  }
97
106
  }
98
107
 
108
+ function isConnectionSecure (request) {
109
+ return (
110
+ request.raw.socket?.encrypted === true ||
111
+ request.headers['x-forwarded-proto'] === 'https'
112
+ )
113
+ }
114
+
99
115
  const fastifyCookie = fp(plugin, {
100
116
  fastify: '4.x',
101
117
  name: '@fastify/cookie'
@@ -776,3 +776,41 @@ test('create signed cookie manually using signCookie decorator', async (t) => {
776
776
  t.equal(res.statusCode, 200)
777
777
  t.same(JSON.parse(res.body), { unsigned: { value: 'bar', renew: false, valid: true } })
778
778
  })
779
+
780
+ test('handle secure:auto of cookieOptions', async (t) => {
781
+ const fastify = Fastify()
782
+
783
+ await fastify.register(plugin)
784
+
785
+ fastify.get('/test1', (req, reply) => {
786
+ reply
787
+ .setCookie('foo', 'foo', { path: '/', secure: 'auto' })
788
+ .send()
789
+ })
790
+
791
+ const res = await fastify.inject({
792
+ method: 'GET',
793
+ url: '/test1',
794
+ headers: { 'x-forwarded-proto': 'https' }
795
+ })
796
+
797
+ const cookies = res.cookies
798
+ t.equal(cookies.length, 1)
799
+ t.equal(cookies[0].name, 'foo')
800
+ t.equal(cookies[0].value, 'foo')
801
+ t.equal(cookies[0].secure, true)
802
+ t.equal(cookies[0].path, '/')
803
+
804
+ const res2 = await fastify.inject({
805
+ method: 'GET',
806
+ url: '/test1'
807
+ })
808
+
809
+ const cookies2 = res2.cookies
810
+ t.equal(cookies2.length, 1)
811
+ t.equal(cookies2[0].name, 'foo')
812
+ t.equal(cookies2[0].value, 'foo')
813
+ t.equal(cookies2[0].sameSite, 'Lax')
814
+ t.same(cookies2[0].secure, null)
815
+ t.equal(cookies2[0].path, '/')
816
+ })
@@ -1,13 +1,10 @@
1
- import fastify, { FastifyInstance, FastifyPluginCallback, FastifyReply, setCookieWrapper } from 'fastify';
2
- import { Server } from 'http';
1
+ import cookie from '../plugin';
3
2
  import { expectType } from 'tsd';
4
3
  import * as fastifyCookieStar from '..';
5
- import fastifyCookieDefault, {
6
- fastifyCookie as fastifyCookieNamed
7
- } from '..';
8
- import cookie, { FastifyCookieOptions } from '../plugin';
9
-
10
4
  import fastifyCookieCjsImport = require('..');
5
+ import fastifyCookieDefault, { fastifyCookie as fastifyCookieNamed } from '..';
6
+ import fastify, { FastifyInstance, FastifyReply, setCookieWrapper } from 'fastify';
7
+
11
8
  const fastifyCookieCjs = require('..');
12
9
 
13
10
  const app: FastifyInstance = fastify();
@@ -19,16 +16,24 @@ app.register(fastifyCookieCjsImport.fastifyCookie);
19
16
  app.register(fastifyCookieStar.default);
20
17
  app.register(fastifyCookieStar.fastifyCookie);
21
18
 
22
- expectType<FastifyPluginCallback<FastifyCookieOptions, Server>>(fastifyCookieNamed);
23
- expectType<FastifyPluginCallback<FastifyCookieOptions, Server>>(fastifyCookieDefault);
24
- expectType<FastifyPluginCallback<FastifyCookieOptions, Server>>(fastifyCookieCjsImport.default);
25
- expectType<FastifyPluginCallback<FastifyCookieOptions, Server>>(fastifyCookieCjsImport.fastifyCookie);
26
- expectType<FastifyPluginCallback<FastifyCookieOptions, Server>>(fastifyCookieStar.default);
27
- expectType<FastifyPluginCallback<FastifyCookieOptions, Server>>(
19
+ expectType<fastifyCookieStar.FastifyCookie>(fastifyCookieNamed);
20
+ expectType<fastifyCookieStar.FastifyCookie>(fastifyCookieDefault);
21
+ expectType<fastifyCookieStar.FastifyCookie>(fastifyCookieCjsImport.default);
22
+ expectType<fastifyCookieStar.FastifyCookie>(fastifyCookieCjsImport.fastifyCookie);
23
+ expectType<fastifyCookieStar.FastifyCookie>(fastifyCookieStar.default);
24
+ expectType<fastifyCookieStar.FastifyCookie>(
28
25
  fastifyCookieStar.fastifyCookie
29
26
  );
30
27
  expectType<any>(fastifyCookieCjs);
31
28
 
29
+ expectType<fastifyCookieStar.Sign>(fastifyCookieDefault.sign);
30
+ expectType<fastifyCookieStar.Unsign>(fastifyCookieDefault.unsign);
31
+ expectType<fastifyCookieStar.SignerFactory >(fastifyCookieDefault.signerFactory );
32
+
33
+ expectType<fastifyCookieStar.Sign>(fastifyCookieNamed.sign);
34
+ expectType<fastifyCookieStar.Unsign>(fastifyCookieNamed.unsign);
35
+ expectType<fastifyCookieStar.SignerFactory >(fastifyCookieNamed.signerFactory );
36
+
32
37
  const server = fastify();
33
38
 
34
39
  server.register(cookie);