Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@fastify/cookie

Package Overview
Dependencies
Maintainers
20
Versions
28
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@fastify/cookie - npm Package Compare versions

Comparing version
9.3.1
 to
9.4.0
+3
-3
package.json
{
"name": "@fastify/cookie",
"version": "9.3.1",
"version": "9.4.0",
"description": "Plugin for fastify to add support for cookies",

@@ -47,7 +47,7 @@ "main": "plugin.js",

"fastify": "^4.0.0",
"sinon": "^17.0.0",
"sinon": "^18.0.0",
"snazzy": "^9.0.0",
"standard": "^17.0.0",
"tap": "^16.0.0",
"tsd": "^0.30.0"
"tsd": "^0.31.0"
},

@@ -54,0 +54,0 @@ "dependencies": {

+1
-8
plugin.js

@@ -25,3 +25,3 @@ 'use strict'

if (opts.secure === 'auto') {
if (isConnectionSecure(reply.request)) {
if (reply.request.protocol === 'https') {
opts.secure = true

@@ -191,9 +191,2 @@ } else {

function isConnectionSecure (request) {
return (
request.raw.socket?.encrypted === true ||
request.headers['x-forwarded-proto'] === 'https'
)
}
const fastifyCookie = fp(plugin, {

@@ -200,0 +193,0 @@ fastify: '4.x',

+8
-0
README.md

@@ -99,4 +99,12 @@ # @fastify/cookie

- `hook`: the [Fastify Hook](https://fastify.dev/docs/latest/Reference/Lifecycle/#lifecycle) to register the parsing of cookie into. Default: `onRequest`.
- `algorithm`: the [algorithm](https://nodejs.org/api/crypto.html#cryptogethashes) to use to sign the cookies. Default: `sha256`.
- `parseOptions`: An `Object` to modify the serialization of set cookies.
### :warning: Security Considerations :warning:
It is recommended to use `sha256` or stronger hashing algorithm as well as a `secret` that is at least 20 bytes long.
#### parseOptions

@@ -103,0 +111,0 @@ 

+1
-1
test/cookie.test.js

@@ -857,3 +857,3 @@ 'use strict'

test('handle secure:auto of cookieOptions', async (t) => {
const fastify = Fastify()
const fastify = Fastify({ trustProxy: true })

@@ -860,0 +860,0 @@ await fastify.register(plugin)

+13
-8
types/plugin.d.ts

@@ -118,11 +118,11 @@ /// <reference types='node' />

encode?(val: string): string;
/** The expiration `date` used for the `Expires` attribute. If both `expires` and `maxAge` are set, then `expires` is used. */
/** The expiration `date` used for the `Expires` attribute. */
expires?: Date;
/** The `boolean` value of the `HttpOnly` attribute. Defaults to true. */
/** Add the `HttpOnly` attribute. Defaults to `false`. */
httpOnly?: boolean;
/** A `number` in seconds that specifies the `Expires` attribute by adding the specified seconds to the current date. If both `expires` and `maxAge` are set, then `expires` is used. */
/** A `number` in seconds that specifies the `Max-Age` attribute. */
maxAge?: number;
/** A `boolean` indicating whether the cookie is tied to the top-level site where it's initially set and cannot be accessed from elsewhere. */
partitioned?: boolean;
/** The `Path` attribute. Defaults to `/` (the root path). */
/** The `Path` attribute. */
path?: string;

@@ -133,3 +133,3 @@ /** A `boolean` or one of the `SameSite` string attributes. E.g.: `lax`, `none` or `strict`. */

priority?: 'low' | 'medium' | 'high';
/** The `boolean` value of the `Secure` attribute. Set this option to false when communicating over an unencrypted (HTTP) connection. Value can be set to `auto`; in this case the `Secure` attribute will be set to false for HTTP request, in case of HTTPS it will be set to true. Defaults to true. */
/** Add the `Secure` attribute. Defaults to `false`. */
secure?: boolean;

@@ -139,2 +139,3 @@ }

export interface CookieSerializeOptions extends Omit<SerializeOptions, 'secure'> {
/** Add the `Secure` attribute. Value can be set to `"auto"`; in this case the `Secure` attribute will only be added for HTTPS requests. Defaults to `false`. */
secure?: boolean | 'auto';

@@ -160,6 +161,10 @@ signed?: boolean;

export interface UnsignResult {
valid: boolean;
export type UnsignResult = {
valid: true;
renew: boolean;
value: string | null;
value: string;
} | {
valid: false;
renew: false;
value: null;
}

@@ -166,0 +171,0 @@ 

+24
-12
types/plugin.test-d.ts

@@ -153,7 +153,11 @@ import cookie from '..';

reply.unsignCookie(request.cookies.test!);
const { valid, renew, value } = reply.unsignCookie('test');
const unsigned = reply.unsignCookie('test');
expectType<boolean>(valid);
expectType<boolean>(renew);
expectType<string | null>(value);
expectType<boolean>(unsigned.valid);
if (unsigned.valid) {
expectType<string>(unsigned.value);
} else {
expectType<null>(unsigned.value);
}
expectType<boolean>(unsigned.renew);

@@ -186,7 +190,11 @@ reply.send({ hello: 'world' });

server.get('/', (request, reply) => {
const { valid, renew, value } = reply.unsignCookie(request.cookies.test!);
const unsigned = reply.unsignCookie(request.cookies.test!);
expectType<boolean>(valid);
expectType<boolean>(renew);
expectType<string | null>(value);
expectType<boolean>(unsigned.valid);
if (unsigned.valid) {
expectType<string>(unsigned.value);
} else {
expectType<null>(unsigned.value);
}
expectType<boolean>(unsigned.renew);
});

@@ -209,7 +217,11 @@ });

reply.unsignCookie(request.cookies.test!)
const { valid, renew, value } = reply.unsignCookie('test')
const unsigned = reply.unsignCookie('test')
expectType<boolean>(valid)
expectType<boolean>(renew)
expectType<string | null>(value)
expectType<boolean>(unsigned.valid);
if (unsigned.valid) {
expectType<string>(unsigned.value);
} else {
expectType<null>(unsigned.value);
}
expectType<boolean>(unsigned.renew);

@@ -216,0 +228,0 @@ reply.send({ hello: 'world' })