@unireq/cookies 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/LICENSE +21 -0
  2. package/dist/index.d.ts +41 -0
  3. package/dist/index.js +2 -0
  4. package/dist/index.js.map +1 -0
  5. package/package.json +57 -0
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2025 Olivier Orabona
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/dist/index.d.ts ADDED
@@ -0,0 +1,41 @@
1
+ import { Policy } from '@unireq/core';
2
+
3
+ /**
4
+ * @unireq/cookies - Cookie jar integration with tough-cookie and http-cookie-agent/undici
5
+ * @see https://www.npmjs.com/package/tough-cookie
6
+ * @see https://www.npmjs.com/package/http-cookie-agent
7
+ */
8
+
9
+ /** Cookie jar interface (compatible with tough-cookie) */
10
+ interface CookieJar {
11
+ getCookieString: (url: string) => Promise<string> | string;
12
+ setCookie: (cookie: string, url: string) => Promise<void> | void;
13
+ }
14
+ /**
15
+ * Creates a cookie jar policy
16
+ * Integrates with tough-cookie CookieJar
17
+ *
18
+ * @param jar - Cookie jar instance (tough-cookie CookieJar)
19
+ * @returns Policy that manages cookies
20
+ *
21
+ * @example
22
+ * ```ts
23
+ * import { CookieJar } from 'tough-cookie';
24
+ *
25
+ * const jar = new CookieJar();
26
+ * const cookiePolicy = cookieJar(jar);
27
+ * ```
28
+ *
29
+ * Note: For proxy support, use http-cookie-agent with undici:
30
+ * ```ts
31
+ * import { CookieJar } from 'tough-cookie';
32
+ * import { CookieAgent } from 'http-cookie-agent/undici';
33
+ *
34
+ * const jar = new CookieJar();
35
+ * const agent = new CookieAgent({ cookies: { jar } });
36
+ * // Use agent with fetchTransport or undici
37
+ * ```
38
+ */
39
+ declare function cookieJar(jar: CookieJar): Policy;
40
+
41
+ export { type CookieJar, cookieJar };
package/dist/index.js ADDED
@@ -0,0 +1,2 @@
1
+ import {SECURITY_CONFIG}from'@unireq/config';function s(o){return !SECURITY_CONFIG.CRLF_VALIDATION.PATTERN.test(o)}function u(o){return async(e,a)=>{let i=await Promise.resolve(o.getCookieString(e.url));if(i&&!s(i))throw new Error("Invalid cookie value: contains CRLF characters (potential injection attack)");let c=i?{...e,headers:{...e.headers,cookie:i}}:e,r=await a(c),t=r.headers["set-cookie"]||r.headers["Set-Cookie"];if(t){let k=Array.isArray(t)?t:[t];for(let n of k){if(!s(n)){console.warn("Skipping invalid Set-Cookie header: contains CRLF characters (potential injection attack)");continue}await Promise.resolve(o.setCookie(n,e.url));}}return r}}export{u as cookieJar};//# sourceMappingURL=index.js.map
2
+ //# sourceMappingURL=index.js.map
package/dist/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/index.ts"],"names":["isValidCookieValue","value","SECURITY_CONFIG","cookieJar","jar","ctx","next","cookies","updatedCtx","response","setCookieHeaders","cookieArray","cookie"],"mappings":"6CAqBA,SAASA,CAAAA,CAAmBC,CAAAA,CAAwB,CAElD,OAAO,CAACC,eAAAA,CAAgB,eAAA,CAAgB,OAAA,CAAQ,IAAA,CAAKD,CAAK,CAC5D,CA2BO,SAASE,CAAAA,CAAUC,CAAAA,CAAwB,CAChD,OAAO,MAAOC,CAAAA,CAAqBC,CAAAA,GAAqD,CAEtF,IAAMC,CAAAA,CAAU,MAAM,OAAA,CAAQ,QAAQH,CAAAA,CAAI,eAAA,CAAgBC,CAAAA,CAAI,GAAG,CAAC,CAAA,CAGlE,GAAIE,CAAAA,EAAW,CAACP,CAAAA,CAAmBO,CAAO,CAAA,CACxC,MAAM,IAAI,KAAA,CAAM,6EAA6E,CAAA,CAI/F,IAAMC,CAAAA,CAAaD,CAAAA,CACf,CACE,GAAGF,CAAAA,CACH,OAAA,CAAS,CACP,GAAGA,CAAAA,CAAI,OAAA,CACP,MAAA,CAAQE,CACV,CACF,CAAA,CACAF,CAAAA,CAGEI,CAAAA,CAAW,MAAMH,CAAAA,CAAKE,CAAU,CAAA,CAGhCE,CAAAA,CAAmBD,CAAAA,CAAS,OAAA,CAAQ,YAAY,CAAA,EAAKA,CAAAA,CAAS,OAAA,CAAQ,YAAY,CAAA,CAExF,GAAIC,CAAAA,CAAkB,CACpB,IAAMC,CAAAA,CAAc,KAAA,CAAM,OAAA,CAAQD,CAAgB,CAAA,CAAIA,CAAAA,CAAmB,CAACA,CAAgB,CAAA,CAE1F,IAAA,IAAWE,KAAUD,CAAAA,CAAa,CAEhC,GAAI,CAACX,CAAAA,CAAmBY,CAAM,CAAA,CAAG,CAC/B,OAAA,CAAQ,IAAA,CAAK,2FAA2F,CAAA,CACxG,QACF,CAEA,MAAM,OAAA,CAAQ,OAAA,CAAQR,CAAAA,CAAI,SAAA,CAAUQ,CAAAA,CAAQP,CAAAA,CAAI,GAAG,CAAC,EACtD,CACF,CAEA,OAAOI,CACT,CACF","file":"index.js","sourcesContent":["/**\n * @unireq/cookies - Cookie jar integration with tough-cookie and http-cookie-agent/undici\n * @see https://www.npmjs.com/package/tough-cookie\n * @see https://www.npmjs.com/package/http-cookie-agent\n */\n\nimport { SECURITY_CONFIG } from '@unireq/config';\nimport type { Policy, RequestContext, Response } from '@unireq/core';\n\n/** Cookie jar interface (compatible with tough-cookie) */\nexport interface CookieJar {\n getCookieString: (url: string) => Promise<string> | string;\n setCookie: (cookie: string, url: string) => Promise<void> | void;\n}\n\n/**\n * Validates cookie value for CRLF injection (OWASP A03:2021)\n * @param value - Cookie value to validate\n * @returns True if valid, false if contains CRLF characters\n * @see https://owasp.org/www-community/vulnerabilities/CRLF_Injection\n */\nfunction isValidCookieValue(value: string): boolean {\n // Reject any cookie value containing CR (\\r) or LF (\\n)\n return !SECURITY_CONFIG.CRLF_VALIDATION.PATTERN.test(value);\n}\n\n/**\n * Creates a cookie jar policy\n * Integrates with tough-cookie CookieJar\n *\n * @param jar - Cookie jar instance (tough-cookie CookieJar)\n * @returns Policy that manages cookies\n *\n * @example\n * ```ts\n * import { CookieJar } from 'tough-cookie';\n *\n * const jar = new CookieJar();\n * const cookiePolicy = cookieJar(jar);\n * ```\n *\n * Note: For proxy support, use http-cookie-agent with undici:\n * ```ts\n * import { CookieJar } from 'tough-cookie';\n * import { CookieAgent } from 'http-cookie-agent/undici';\n *\n * const jar = new CookieJar();\n * const agent = new CookieAgent({ cookies: { jar } });\n * // Use agent with fetchTransport or undici\n * ```\n */\nexport function cookieJar(jar: CookieJar): Policy {\n return async (ctx: RequestContext, next: (ctx: RequestContext) => Promise<Response>) => {\n // Get cookies for this URL\n const cookies = await Promise.resolve(jar.getCookieString(ctx.url));\n\n // Validate cookies for CRLF injection\n if (cookies && !isValidCookieValue(cookies)) {\n throw new Error('Invalid cookie value: contains CRLF characters (potential injection attack)');\n }\n\n // Add cookies to request if present\n const updatedCtx = cookies\n ? {\n ...ctx,\n headers: {\n ...ctx.headers,\n cookie: cookies,\n },\n }\n : ctx;\n\n // Execute request\n const response = await next(updatedCtx);\n\n // Store Set-Cookie headers from response\n const setCookieHeaders = response.headers['set-cookie'] || response.headers['Set-Cookie'];\n\n if (setCookieHeaders) {\n const cookieArray = Array.isArray(setCookieHeaders) ? setCookieHeaders : [setCookieHeaders];\n\n for (const cookie of cookieArray) {\n // Validate Set-Cookie header for CRLF injection\n if (!isValidCookieValue(cookie)) {\n console.warn('Skipping invalid Set-Cookie header: contains CRLF characters (potential injection attack)');\n continue;\n }\n\n await Promise.resolve(jar.setCookie(cookie, ctx.url));\n }\n }\n\n return response;\n };\n}\n"]}
package/package.json ADDED
@@ -0,0 +1,57 @@
1
+ {
2
+ "name": "@unireq/cookies",
3
+ "version": "0.0.1",
4
+ "description": "Cookie jar integration for unireq with tough-cookie and http-cookie-agent",
5
+ "type": "module",
6
+ "main": "./dist/index.js",
7
+ "types": "./dist/index.d.ts",
8
+ "exports": {
9
+ ".": {
10
+ "types": "./dist/index.d.ts",
11
+ "import": "./dist/index.js"
12
+ }
13
+ },
14
+ "files": [
15
+ "dist"
16
+ ],
17
+ "author": "Olivier Orabona",
18
+ "license": "MIT",
19
+ "dependencies": {
20
+ "@unireq/core": "0.0.1",
21
+ "@unireq/config": "0.0.1"
22
+ },
23
+ "peerDependencies": {
24
+ "tough-cookie": "^5.0.0",
25
+ "http-cookie-agent": "^6.0.6"
26
+ },
27
+ "peerDependenciesMeta": {
28
+ "tough-cookie": {
29
+ "optional": true
30
+ },
31
+ "http-cookie-agent": {
32
+ "optional": true
33
+ }
34
+ },
35
+ "devDependencies": {
36
+ "typescript": "^5.9.3",
37
+ "tsup": "^8.5.1"
38
+ },
39
+ "engines": {
40
+ "node": ">=18.0.0"
41
+ },
42
+ "repository": {
43
+ "type": "git",
44
+ "url": "https://github.com/oorabona/unireq",
45
+ "directory": "packages/cookies"
46
+ },
47
+ "bugs": {
48
+ "url": "https://github.com/oorabona/unireq/issues"
49
+ },
50
+ "homepage": "https://github.com/oorabona/unireq/tree/main/packages/cookies",
51
+ "scripts": {
52
+ "build": "tsup",
53
+ "type-check": "tsc --noEmit",
54
+ "test": "vitest run",
55
+ "clean": "rm -rf dist *.tsbuildinfo"
56
+ }
57
+ }