@fastify/cookie
Comparing version 8.2.0 to 8.3.0
{ | ||
"name": "@fastify/cookie", | ||
"version": "8.2.0", | ||
"version": "8.3.0", | ||
"description": "Plugin for fastify to add support for cookies", | ||
@@ -5,0 +5,0 @@ "main": "plugin.js", |
@@ -91,5 +91,5 @@ 'use strict' | ||
} | ||
const enableRotation = Array.isArray(secret) | ||
const isSigner = !secret || (typeof secret.sign === 'function' && typeof secret.unsign === 'function') | ||
const algorithm = options.algorithm || 'sha256' | ||
const signer = typeof secret === 'string' || enableRotation ? new Signer(secret, algorithm) : secret | ||
const signer = isSigner ? secret : new Signer(secret, algorithm) | ||
@@ -96,0 +96,0 @@ fastify.decorate('parseCookie', parseCookie) |
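Review bot: `!secret` in the new `isSigner` line treats an empty string the same as an unset secret, so `secret: ''` (for instance an environment variable that is set but empty) is assigned to `signer` unchanged instead of reaching `new Signer(...)` and its type check. What the plugin does with a falsy `signer` is outside this hunk, but a secret that was configured and is empty is better rejected at registration than silently treated as "signing disabled". Consider `const isSigner = secret == null || (typeof secret.sign === 'function' && typeof secret.unsign === 'function')`, and test for `false` explicitly if that value must keep meaning "off". The enclosing plugin function starts and ends outside the hunk.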
@@ -75,4 +75,4 @@ # @fastify/cookie | ||
- `secret` (`String` | `Array` | `Object`): | ||
- A `String` can be passed to use as secret to sign the cookie using [`cookie-signature`](http://npm.im/cookie-signature). | ||
- `secret` (`String` | `Array` | `Buffer` | `Object`): | ||
- A `String` or `Buffer` can be passed to use as secret to sign the cookie using [`cookie-signature`](http://npm.im/cookie-signature). | ||
- An `Array` can be passed if key rotation is desired. Read more about it in [Rotating signing secret](#rotating-secret). | ||
@@ -79,0 +79,0 @@ - More sophisticated cookie signing mechanisms can be implemented by supplying an `Object`. Read more about it in [Custom cookie signer](#custom-cookie-signer). |
@@ -28,4 +28,4 @@ 'use strict' | ||
for (const secret of secrets) { | ||
if (typeof secret !== 'string') { | ||
throw new TypeError('Secret key must be a string.') | ||
if (typeof secret !== 'string' && Buffer.isBuffer(secret) === false) { | ||
throw new TypeError('Secret key must be a string or Buffer.') | ||
} | ||
@@ -32,0 +32,0 @@ } |
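Review bot: The widened check accepts a zero-length `Buffer` (and, as before, an empty string), and an empty `secrets` array would pass the loop without any element being inspected, so a Signer can apparently be built with no effective key. This is the only validation of the key material visible on the page, so empty values are worth rejecting here, e.g. `if ((typeof secret !== 'string' && Buffer.isBuffer(secret) === false) || secret.length === 0) {`, with the error message adjusted to mention it. The enclosing function and the place where `secrets` is built are outside the hunk, so confirm that an empty list is not already rejected before this loop.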
@@ -31,3 +31,3 @@ 'use strict' | ||
t.test('sign', (t) => { | ||
t.plan(3) | ||
t.plan(5) | ||
@@ -39,2 +39,4 @@ const input = 'some-value' | ||
t.equal(result, sign(input, [secret])) | ||
t.equal(result, sign(input, Buffer.from(secret))) | ||
t.equal(result, sign(input, [Buffer.from(secret)])) | ||
@@ -66,3 +68,3 @@ t.throws(() => sign(undefined), 'Cookie value must be provided as a string.') | ||
t.same(result, unsign(input, [secret])) | ||
t.throws(() => unsign(undefined), 'Secret key must be a string.') | ||
t.throws(() => unsign(undefined), 'Secret key must be a string or Buffer.') | ||
t.throws(() => unsign(undefined, secret), 'Signed cookie string must be provided.') | ||
@@ -123,8 +125,10 @@ }) | ||
t.test('Signer needs a string as secret', (t) => { | ||
t.plan(4) | ||
t.throws(() => Signer(1), 'Secret key must be a string.') | ||
t.throws(() => Signer(undefined), 'Secret key must be a string.') | ||
t.test('Signer needs a string or Buffer as secret', (t) => { | ||
t.plan(6) | ||
t.throws(() => Signer(1), 'Secret key must be a string or Buffer.') | ||
t.throws(() => Signer(undefined), 'Secret key must be a string or Buffer.') | ||
t.doesNotThrow(() => Signer('secret')) | ||
t.doesNotThrow(() => Signer(['secret'])) | ||
t.doesNotThrow(() => Signer(Buffer.from('deadbeef76543210', 'hex'))) | ||
t.doesNotThrow(() => Signer([Buffer.from('deadbeef76543210', 'hex')])) | ||
}) | ||
@@ -131,0 +135,0 @@ |
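Review bot: The string passed as the second argument to `t.throws` in the updated assertions is, assuming this suite runs on node-tap, the assertion label rather than an expected error, so these tests pass on any throw and pin neither the new message nor the `TypeError` type. Passing the expected error would make the renamed message actually checked, e.g. `t.throws(() => Signer(1), new TypeError('Secret key must be a string or Buffer.'))`. The added cases also cover only well-formed Buffers; a zero-length Buffer and an array mixing strings and Buffers are not exercised.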
@@ -103,3 +103,3 @@ /// <reference types='node' /> | ||
export class Signer implements SignerBase { | ||
constructor (secrets: string | Array<string>, algorithm?: string) | ||
constructor (secrets: string | Array<string> | Buffer | Array<Buffer>, algorithm?: string) | ||
sign: (value: string) => string; | ||
@@ -132,3 +132,3 @@ unsign: (input: string) => UnsignResult; | ||
export interface FastifyCookieOptions { | ||
secret?: string | string[] | Signer; | ||
secret?: string | string[] | Buffer | Buffer[] | Signer; | ||
hook?: HookType | false; | ||
@@ -138,5 +138,5 @@ parseOptions?: fastifyCookie.CookieSerializeOptions; | ||
export type Sign = (value: string, secret: string, algorithm?: string) => string; | ||
export type Unsign = (input: string, secret: string, algorithm?: string) => UnsignResult; | ||
export type SignerFactory = (secrets: string | Array<string>, algorithm?: string) => SignerBase; | ||
export type Sign = (value: string, secret: string | Buffer, algorithm?: string) => string; | ||
export type Unsign = (input: string, secret: string | Buffer, algorithm?: string) => UnsignResult; | ||
export type SignerFactory = (secrets: string | string[] | Buffer | Buffer[], algorithm?: string) => SignerBase; | ||
@@ -163,3 +163,3 @@ export interface UnsignResult { | ||
export interface FastifyCookieOptions { | ||
secret?: string | string[] | SignerBase; | ||
secret?: string | string[] | Buffer | Buffer[] | SignerBase; | ||
algorithm?: string; | ||
@@ -166,0 +166,0 @@ parseOptions?: CookieSerializeOptions; |
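Review bot: The new `Sign` and `Unsign` aliases take `secret: string | Buffer`, but the tests on this page call `sign(input, [secret])` and `sign(input, [Buffer.from(secret)])`, so, if these aliases type those exported helpers, the array forms are rejected by the declarations while being accepted at runtime. Widening them to match `SignerFactory`, e.g. `secret: string | string[] | Buffer | Buffer[]`, would keep the three signatures consistent. The two `FastifyCookieOptions` declarations also still disagree (`Signer` in one, `SignerBase` in the other); the plugin duck-types on `sign`/`unsign`, so `SignerBase` looks like the accurate one. As a style point, the constructor uses `Array<string>` while the other changed lines use `string[]`.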
@@ -214,2 +214,4 @@ import cookie from '..'; | ||
new fastifyCookieStar.Signer(['secretStringInArray']) | ||
new fastifyCookieStar.Signer(Buffer.from('secretString')) | ||
new fastifyCookieStar.Signer([Buffer.from('secretStringInArray')]) | ||
const signer = new fastifyCookieStar.Signer(['secretStringInArray'], 'sha256') | ||
@@ -216,0 +218,0 @@ signer.sign('Lorem Ipsum') |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package