@fastify/cookie 7.4.0 → 8.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/package.json +4 -5
- package/plugin.js +14 -6
- package/test/cookie.test.js +33 -0
- package/{plugin.d.ts → types/plugin.d.ts} +25 -14
- package/{test → types}/plugin.test-d.ts +11 -1
package/README.md
CHANGED
|
@@ -192,9 +192,9 @@ fastify.register(require('@fastify/cookie'), {
|
|
|
192
192
|
|
|
193
193
|
### Manual cookie unsigning
|
|
194
194
|
|
|
195
|
-
The method `unsignCookie(value)` is added to the `fastify` instance and the `reply` object
|
|
196
|
-
via the Fastify `decorate`
|
|
197
|
-
the provided signer's (or the default signer if no custom implementation is provided) `unsign` method on the cookie.
|
|
195
|
+
The method `unsignCookie(value)` is added to the `fastify` instance, to the `request` and the `reply` object
|
|
196
|
+
via the Fastify `decorate`, `decorateRequest` and `decorateReply` APIs, if a secret was provided as option.
|
|
197
|
+
Using it on a signed cookie will call the the provided signer's (or the default signer if no custom implementation is provided) `unsign` method on the cookie.
|
|
198
198
|
|
|
199
199
|
**Example:**
|
|
200
200
|
|
package/package.json
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@fastify/cookie",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "8.0.0",
|
|
4
4
|
"description": "Plugin for fastify to add support for cookies",
|
|
5
5
|
"main": "plugin.js",
|
|
6
|
-
"types": "plugin.d.ts",
|
|
6
|
+
"types": "types/plugin.d.ts",
|
|
7
7
|
"scripts": {
|
|
8
8
|
"lint": "standard | snazzy",
|
|
9
9
|
"lint:ci": "standard",
|
|
@@ -42,13 +42,12 @@
|
|
|
42
42
|
"@fastify/pre-commit": "^2.0.2",
|
|
43
43
|
"@types/node": "^18.0.0",
|
|
44
44
|
"benchmark": "^2.1.4",
|
|
45
|
-
"fastify": "^4.0.0
|
|
45
|
+
"fastify": "^4.0.0",
|
|
46
46
|
"sinon": "^14.0.0",
|
|
47
47
|
"snazzy": "^9.0.0",
|
|
48
48
|
"standard": "^17.0.0",
|
|
49
49
|
"tap": "^16.0.0",
|
|
50
|
-
"tsd": "^0.22.0"
|
|
51
|
-
"typescript": "^4.5.5"
|
|
50
|
+
"tsd": "^0.22.0"
|
|
52
51
|
},
|
|
53
52
|
"dependencies": {
|
|
54
53
|
"cookie": "^0.5.0",
|
package/plugin.js
CHANGED
|
@@ -62,21 +62,29 @@ function onReqHandlerWrapper (fastify) {
|
|
|
62
62
|
}
|
|
63
63
|
|
|
64
64
|
function plugin (fastify, options, next) {
|
|
65
|
-
const secret = options.secret
|
|
65
|
+
const secret = options.secret
|
|
66
66
|
const enableRotation = Array.isArray(secret)
|
|
67
67
|
const algorithm = options.algorithm || 'sha256'
|
|
68
68
|
const signer = typeof secret === 'string' || enableRotation ? new Signer(secret, algorithm) : secret
|
|
69
69
|
|
|
70
70
|
fastify.decorate('parseCookie', parseCookie)
|
|
71
|
-
|
|
72
|
-
|
|
71
|
+
|
|
72
|
+
if (typeof secret !== 'undefined') {
|
|
73
|
+
fastify.decorate('signCookie', signCookie)
|
|
74
|
+
fastify.decorate('unsignCookie', unsignCookie)
|
|
75
|
+
|
|
76
|
+
fastify.decorateRequest('signCookie', signCookie)
|
|
77
|
+
fastify.decorateRequest('unsignCookie', unsignCookie)
|
|
78
|
+
|
|
79
|
+
fastify.decorateReply('signCookie', signCookie)
|
|
80
|
+
fastify.decorateReply('unsignCookie', unsignCookie)
|
|
81
|
+
}
|
|
73
82
|
|
|
74
83
|
fastify.decorateRequest('cookies', null)
|
|
75
|
-
fastify.decorateRequest('unsignCookie', unsignCookie)
|
|
76
|
-
fastify.decorateReply('setCookie', setCookie)
|
|
77
84
|
fastify.decorateReply('cookie', setCookie)
|
|
85
|
+
|
|
86
|
+
fastify.decorateReply('setCookie', setCookie)
|
|
78
87
|
fastify.decorateReply('clearCookie', clearCookie)
|
|
79
|
-
fastify.decorateReply('unsignCookie', unsignCookie)
|
|
80
88
|
|
|
81
89
|
fastify.addHook('onRequest', onReqHandlerWrapper(fastify))
|
|
82
90
|
|
package/test/cookie.test.js
CHANGED
|
@@ -814,3 +814,36 @@ test('handle secure:auto of cookieOptions', async (t) => {
|
|
|
814
814
|
t.same(cookies2[0].secure, null)
|
|
815
815
|
t.equal(cookies2[0].path, '/')
|
|
816
816
|
})
|
|
817
|
+
|
|
818
|
+
test('should not decorate fastify, request and reply if no secret was provided', async (t) => {
|
|
819
|
+
t.plan(8)
|
|
820
|
+
const fastify = Fastify()
|
|
821
|
+
|
|
822
|
+
await fastify.register(plugin)
|
|
823
|
+
|
|
824
|
+
t.notOk(fastify.signCookie)
|
|
825
|
+
t.notOk(fastify.unsignCookie)
|
|
826
|
+
|
|
827
|
+
fastify.get('/testDecorators', (req, reply) => {
|
|
828
|
+
t.notOk(req.signCookie)
|
|
829
|
+
t.notOk(reply.signCookie)
|
|
830
|
+
t.notOk(req.unsignCookie)
|
|
831
|
+
t.notOk(reply.unsignCookie)
|
|
832
|
+
|
|
833
|
+
reply.send({
|
|
834
|
+
unsigned: req.unsignCookie(req.cookies.foo)
|
|
835
|
+
})
|
|
836
|
+
})
|
|
837
|
+
|
|
838
|
+
const res = await fastify.inject({
|
|
839
|
+
method: 'GET',
|
|
840
|
+
url: '/testDecorators'
|
|
841
|
+
})
|
|
842
|
+
|
|
843
|
+
t.equal(res.statusCode, 500)
|
|
844
|
+
t.same(JSON.parse(res.body), {
|
|
845
|
+
statusCode: 500,
|
|
846
|
+
error: 'Internal Server Error',
|
|
847
|
+
message: 'req.unsignCookie is not a function'
|
|
848
|
+
})
|
|
849
|
+
})
|
|
@@ -3,12 +3,7 @@
|
|
|
3
3
|
import { FastifyPluginCallback } from "fastify";
|
|
4
4
|
|
|
5
5
|
declare module "fastify" {
|
|
6
|
-
interface FastifyInstance {
|
|
7
|
-
/**
|
|
8
|
-
* Unsigns the specified cookie using the secret provided.
|
|
9
|
-
* @param value Cookie value
|
|
10
|
-
*/
|
|
11
|
-
unsignCookie(value: string): fastifyCookie.UnsignResult;
|
|
6
|
+
interface FastifyInstance extends SignerMethods {
|
|
12
7
|
/**
|
|
13
8
|
* Manual cookie parsing method
|
|
14
9
|
* @docs https://github.com/fastify/fastify-cookie#manual-cookie-parsing
|
|
@@ -17,22 +12,31 @@ declare module "fastify" {
|
|
|
17
12
|
parseCookie(cookieHeader: string): {
|
|
18
13
|
[key: string]: string;
|
|
19
14
|
};
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
interface FastifyRequest extends SignerMethods {
|
|
20
18
|
/**
|
|
21
|
-
*
|
|
22
|
-
* @docs https://github.com/fastify/fastify-cookie#manual-cookie-parsing
|
|
23
|
-
* @param value cookie value
|
|
19
|
+
* Request cookies
|
|
24
20
|
*/
|
|
25
|
-
|
|
21
|
+
cookies: { [cookieName: string]: string | undefined };
|
|
26
22
|
}
|
|
27
23
|
|
|
28
|
-
interface
|
|
24
|
+
interface FastifyReply extends SignerMethods {
|
|
29
25
|
/**
|
|
30
26
|
* Request cookies
|
|
31
27
|
*/
|
|
32
28
|
cookies: { [cookieName: string]: string | undefined };
|
|
29
|
+
}
|
|
33
30
|
|
|
31
|
+
interface SignerMethods {
|
|
34
32
|
/**
|
|
35
|
-
*
|
|
33
|
+
* Signs the specified cookie using the secret/signer provided.
|
|
34
|
+
* @param value cookie value
|
|
35
|
+
*/
|
|
36
|
+
signCookie(value: string): string;
|
|
37
|
+
|
|
38
|
+
/**
|
|
39
|
+
* Unsigns the specified cookie using the secret/signer provided.
|
|
36
40
|
* @param value Cookie value
|
|
37
41
|
*/
|
|
38
42
|
unsignCookie(value: string): fastifyCookie.UnsignResult;
|
|
@@ -102,15 +106,22 @@ declare namespace fastifyCookie {
|
|
|
102
106
|
}
|
|
103
107
|
|
|
104
108
|
export interface CookieSerializeOptions {
|
|
109
|
+
/** The `Domain` attribute. */
|
|
105
110
|
domain?: string;
|
|
106
111
|
encode?(val: string): string;
|
|
112
|
+
/** The expiration `date` used for the `Expires` attribute. If both `expires` and `maxAge` are set, then `expires` is used. */
|
|
107
113
|
expires?: Date;
|
|
114
|
+
/** The `boolean` value of the `HttpOnly` attribute. Defaults to true. */
|
|
108
115
|
httpOnly?: boolean;
|
|
116
|
+
/** A `number` in milliseconds that specifies the `Expires` attribute by adding the specified milliseconds to the current date. If both `expires` and `maxAge` are set, then `expires` is used. */
|
|
109
117
|
maxAge?: number;
|
|
118
|
+
/** The `Path` attribute. Defaults to `/` (the root path). */
|
|
110
119
|
path?: string;
|
|
111
120
|
priority?: "low" | "medium" | "high";
|
|
112
|
-
|
|
113
|
-
|
|
121
|
+
/** A `boolean` or one of the `SameSite` string attributes. E.g.: `lax`, `node` or `strict`. */
|
|
122
|
+
sameSite?: 'lax' | 'none' | 'strict' | boolean;
|
|
123
|
+
/** The `boolean` value of the `Secure` attribute. Set this option to false when communicating over an unencrypted (HTTP) connection. Value can be set to `auto`; in this case the `Secure` attribute will be set to false for HTTP request, in case of HTTPS it will be set to true. Defaults to true. */
|
|
124
|
+
secure?: boolean | 'auto';
|
|
114
125
|
signed?: boolean;
|
|
115
126
|
}
|
|
116
127
|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import cookie from '
|
|
1
|
+
import cookie from '..';
|
|
2
2
|
import { expectType } from 'tsd';
|
|
3
3
|
import * as fastifyCookieStar from '..';
|
|
4
4
|
import fastifyCookieCjsImport = require('..');
|
|
@@ -58,6 +58,16 @@ server.after((_err) => {
|
|
|
58
58
|
.send({ hello: 'world' })
|
|
59
59
|
);
|
|
60
60
|
});
|
|
61
|
+
|
|
62
|
+
expectType<(value: string) => string>(server.signCookie)
|
|
63
|
+
expectType<(value: string) => fastifyCookieStar.UnsignResult>(server.unsignCookie)
|
|
64
|
+
|
|
65
|
+
server.get('/', (request, reply) => {
|
|
66
|
+
expectType<(value: string) => string>(request.signCookie)
|
|
67
|
+
expectType<(value: string) => string>(reply.signCookie)
|
|
68
|
+
expectType<(value: string) => fastifyCookieStar.UnsignResult>(request.unsignCookie)
|
|
69
|
+
expectType<(value: string) => fastifyCookieStar.UnsignResult>(reply.unsignCookie)
|
|
70
|
+
});
|
|
61
71
|
});
|
|
62
72
|
|
|
63
73
|
const serverWithHttp2 = fastify({ http2: true });
|