@fastify/cookie 7.4.0 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -192,9 +192,9 @@ fastify.register(require('@fastify/cookie'), {
192
192
 
193
193
  ### Manual cookie unsigning
194
194
 
195
- The method `unsignCookie(value)` is added to the `fastify` instance and the `reply` object
196
- via the Fastify `decorate` & `decorateReply` APIs. Using it on a signed cookie will call the
197
- the provided signer's (or the default signer if no custom implementation is provided) `unsign` method on the cookie.
195
+ The method `unsignCookie(value)` is added to the `fastify` instance, to the `request` and the `reply` object
196
+ via the Fastify `decorate`, `decorateRequest` and `decorateReply` APIs, if a secret was provided as option.
197
+ Using it on a signed cookie will call the the provided signer's (or the default signer if no custom implementation is provided) `unsign` method on the cookie.
198
198
 
199
199
  **Example:**
200
200
 
package/package.json CHANGED
@@ -1,9 +1,9 @@
1
1
  {
2
2
  "name": "@fastify/cookie",
3
- "version": "7.4.0",
3
+ "version": "8.0.0",
4
4
  "description": "Plugin for fastify to add support for cookies",
5
5
  "main": "plugin.js",
6
- "types": "plugin.d.ts",
6
+ "types": "types/plugin.d.ts",
7
7
  "scripts": {
8
8
  "lint": "standard | snazzy",
9
9
  "lint:ci": "standard",
@@ -42,13 +42,12 @@
42
42
  "@fastify/pre-commit": "^2.0.2",
43
43
  "@types/node": "^18.0.0",
44
44
  "benchmark": "^2.1.4",
45
- "fastify": "^4.0.0-rc.2",
45
+ "fastify": "^4.0.0",
46
46
  "sinon": "^14.0.0",
47
47
  "snazzy": "^9.0.0",
48
48
  "standard": "^17.0.0",
49
49
  "tap": "^16.0.0",
50
- "tsd": "^0.22.0",
51
- "typescript": "^4.5.5"
50
+ "tsd": "^0.22.0"
52
51
  },
53
52
  "dependencies": {
54
53
  "cookie": "^0.5.0",
package/plugin.js CHANGED
@@ -62,21 +62,29 @@ function onReqHandlerWrapper (fastify) {
62
62
  }
63
63
 
64
64
  function plugin (fastify, options, next) {
65
- const secret = options.secret || ''
65
+ const secret = options.secret
66
66
  const enableRotation = Array.isArray(secret)
67
67
  const algorithm = options.algorithm || 'sha256'
68
68
  const signer = typeof secret === 'string' || enableRotation ? new Signer(secret, algorithm) : secret
69
69
 
70
70
  fastify.decorate('parseCookie', parseCookie)
71
- fastify.decorate('signCookie', signCookie)
72
- fastify.decorate('unsignCookie', unsignCookie)
71
+
72
+ if (typeof secret !== 'undefined') {
73
+ fastify.decorate('signCookie', signCookie)
74
+ fastify.decorate('unsignCookie', unsignCookie)
75
+
76
+ fastify.decorateRequest('signCookie', signCookie)
77
+ fastify.decorateRequest('unsignCookie', unsignCookie)
78
+
79
+ fastify.decorateReply('signCookie', signCookie)
80
+ fastify.decorateReply('unsignCookie', unsignCookie)
81
+ }
73
82
 
74
83
  fastify.decorateRequest('cookies', null)
75
- fastify.decorateRequest('unsignCookie', unsignCookie)
76
- fastify.decorateReply('setCookie', setCookie)
77
84
  fastify.decorateReply('cookie', setCookie)
85
+
86
+ fastify.decorateReply('setCookie', setCookie)
78
87
  fastify.decorateReply('clearCookie', clearCookie)
79
- fastify.decorateReply('unsignCookie', unsignCookie)
80
88
 
81
89
  fastify.addHook('onRequest', onReqHandlerWrapper(fastify))
82
90
 
@@ -814,3 +814,36 @@ test('handle secure:auto of cookieOptions', async (t) => {
814
814
  t.same(cookies2[0].secure, null)
815
815
  t.equal(cookies2[0].path, '/')
816
816
  })
817
+
818
+ test('should not decorate fastify, request and reply if no secret was provided', async (t) => {
819
+ t.plan(8)
820
+ const fastify = Fastify()
821
+
822
+ await fastify.register(plugin)
823
+
824
+ t.notOk(fastify.signCookie)
825
+ t.notOk(fastify.unsignCookie)
826
+
827
+ fastify.get('/testDecorators', (req, reply) => {
828
+ t.notOk(req.signCookie)
829
+ t.notOk(reply.signCookie)
830
+ t.notOk(req.unsignCookie)
831
+ t.notOk(reply.unsignCookie)
832
+
833
+ reply.send({
834
+ unsigned: req.unsignCookie(req.cookies.foo)
835
+ })
836
+ })
837
+
838
+ const res = await fastify.inject({
839
+ method: 'GET',
840
+ url: '/testDecorators'
841
+ })
842
+
843
+ t.equal(res.statusCode, 500)
844
+ t.same(JSON.parse(res.body), {
845
+ statusCode: 500,
846
+ error: 'Internal Server Error',
847
+ message: 'req.unsignCookie is not a function'
848
+ })
849
+ })
@@ -3,12 +3,7 @@
3
3
  import { FastifyPluginCallback } from "fastify";
4
4
 
5
5
  declare module "fastify" {
6
- interface FastifyInstance {
7
- /**
8
- * Unsigns the specified cookie using the secret provided.
9
- * @param value Cookie value
10
- */
11
- unsignCookie(value: string): fastifyCookie.UnsignResult;
6
+ interface FastifyInstance extends SignerMethods {
12
7
  /**
13
8
  * Manual cookie parsing method
14
9
  * @docs https://github.com/fastify/fastify-cookie#manual-cookie-parsing
@@ -17,22 +12,31 @@ declare module "fastify" {
17
12
  parseCookie(cookieHeader: string): {
18
13
  [key: string]: string;
19
14
  };
15
+ }
16
+
17
+ interface FastifyRequest extends SignerMethods {
20
18
  /**
21
- * Manual cookie signing method
22
- * @docs https://github.com/fastify/fastify-cookie#manual-cookie-parsing
23
- * @param value cookie value
19
+ * Request cookies
24
20
  */
25
- signCookie(value: string): string;
21
+ cookies: { [cookieName: string]: string | undefined };
26
22
  }
27
23
 
28
- interface FastifyRequest {
24
+ interface FastifyReply extends SignerMethods {
29
25
  /**
30
26
  * Request cookies
31
27
  */
32
28
  cookies: { [cookieName: string]: string | undefined };
29
+ }
33
30
 
31
+ interface SignerMethods {
34
32
  /**
35
- * Unsigns the specified cookie using the secret provided.
33
+ * Signs the specified cookie using the secret/signer provided.
34
+ * @param value cookie value
35
+ */
36
+ signCookie(value: string): string;
37
+
38
+ /**
39
+ * Unsigns the specified cookie using the secret/signer provided.
36
40
  * @param value Cookie value
37
41
  */
38
42
  unsignCookie(value: string): fastifyCookie.UnsignResult;
@@ -102,15 +106,22 @@ declare namespace fastifyCookie {
102
106
  }
103
107
 
104
108
  export interface CookieSerializeOptions {
109
+ /** The `Domain` attribute. */
105
110
  domain?: string;
106
111
  encode?(val: string): string;
112
+ /** The expiration `date` used for the `Expires` attribute. If both `expires` and `maxAge` are set, then `expires` is used. */
107
113
  expires?: Date;
114
+ /** The `boolean` value of the `HttpOnly` attribute. Defaults to true. */
108
115
  httpOnly?: boolean;
116
+ /** A `number` in milliseconds that specifies the `Expires` attribute by adding the specified milliseconds to the current date. If both `expires` and `maxAge` are set, then `expires` is used. */
109
117
  maxAge?: number;
118
+ /** The `Path` attribute. Defaults to `/` (the root path). */
110
119
  path?: string;
111
120
  priority?: "low" | "medium" | "high";
112
- sameSite?: boolean | "lax" | "strict" | "none";
113
- secure?: boolean;
121
+ /** A `boolean` or one of the `SameSite` string attributes. E.g.: `lax`, `node` or `strict`. */
122
+ sameSite?: 'lax' | 'none' | 'strict' | boolean;
123
+ /** The `boolean` value of the `Secure` attribute. Set this option to false when communicating over an unencrypted (HTTP) connection. Value can be set to `auto`; in this case the `Secure` attribute will be set to false for HTTP request, in case of HTTPS it will be set to true. Defaults to true. */
124
+ secure?: boolean | 'auto';
114
125
  signed?: boolean;
115
126
  }
116
127
 
@@ -1,4 +1,4 @@
1
- import cookie from '../plugin';
1
+ import cookie from '..';
2
2
  import { expectType } from 'tsd';
3
3
  import * as fastifyCookieStar from '..';
4
4
  import fastifyCookieCjsImport = require('..');
@@ -58,6 +58,16 @@ server.after((_err) => {
58
58
  .send({ hello: 'world' })
59
59
  );
60
60
  });
61
+
62
+ expectType<(value: string) => string>(server.signCookie)
63
+ expectType<(value: string) => fastifyCookieStar.UnsignResult>(server.unsignCookie)
64
+
65
+ server.get('/', (request, reply) => {
66
+ expectType<(value: string) => string>(request.signCookie)
67
+ expectType<(value: string) => string>(reply.signCookie)
68
+ expectType<(value: string) => fastifyCookieStar.UnsignResult>(request.unsignCookie)
69
+ expectType<(value: string) => fastifyCookieStar.UnsignResult>(reply.unsignCookie)
70
+ });
61
71
  });
62
72
 
63
73
  const serverWithHttp2 = fastify({ http2: true });