
@fastify/cookie


@fastify/cookie - npm Package Compare versions

Comparing version 9.3.1 to 9.4.0

6

package.json
{
"name": "@fastify/cookie",
"version": "9.3.1",
"version": "9.4.0",
"description": "Plugin for fastify to add support for cookies",

@@ -47,7 +47,7 @@ "main": "plugin.js",

"fastify": "^4.0.0",
"sinon": "^17.0.0",
"sinon": "^18.0.0",
"snazzy": "^9.0.0",
"standard": "^17.0.0",
"tap": "^16.0.0",
"tsd": "^0.30.0"
"tsd": "^0.31.0"
},

@@ -54,0 +54,0 @@ "dependencies": {

@@ -25,3 +25,3 @@ 'use strict'

if (opts.secure === 'auto') {
if (isConnectionSecure(reply.request)) {
if (reply.request.protocol === 'https') {
opts.secure = true

@@ -191,9 +191,2 @@ } else {

function isConnectionSecure (request) {
return (
request.raw.socket?.encrypted === true ||
request.headers['x-forwarded-proto'] === 'https'
)
}
const fastifyCookie = fp(plugin, {

@@ -200,0 +193,0 @@ fastify: '4.x',
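Review bot: With the `secure: 'auto'` branch now keyed on `reply.request.protocol === 'https'`, an app behind a TLS-terminating proxy that has not enabled Fastify's `trustProxy` will emit the cookie without `Secure`, and nothing visible in this section tells the operator so. Dropping the unconditional read of `x-forwarded-proto` in the removed `isConnectionSecure` is sound, since any client can set that header, but the dependency on `trustProxy` deserves a comment at the check, for example `// request.protocol honours X-Forwarded-Proto only when Fastify is created with trustProxy`. The same caveat is missing from the `secure` doc comment on `CookieSerializeOptions` in the type declarations, which only says the attribute is added for HTTPS requests. The enclosing function starts and ends outside the hunk.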

@@ -99,4 +99,12 @@ # @fastify/cookie

- `hook`: the [Fastify Hook](https://fastify.dev/docs/latest/Reference/Lifecycle/#lifecycle) to register the parsing of cookie into. Default: `onRequest`.
- `algorithm`: the [algorithm](https://nodejs.org/api/crypto.html#cryptogethashes) to use to sign the cookies. Default: `sha256`.
- `parseOptions`: An `Object` to modify the serialization of set cookies.
### :warning: Security Considerations :warning:
It is recommended to use `sha256` or stronger hashing algorithm as well as a `secret` that is at least 20 bytes long.
#### parseOptions

@@ -103,0 +111,0 @@

@@ -857,3 +857,3 @@ 'use strict'

test('handle secure:auto of cookieOptions', async (t) => {
const fastify = Fastify()
const fastify = Fastify({ trustProxy: true })

@@ -860,0 +860,0 @@ await fastify.register(plugin)
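Review bot: The adjusted test only exercises `secure: 'auto'` on `Fastify({ trustProxy: true })`, so, as far as the visible lines show, nothing pins the case this release changes. A companion test on an instance created without `trustProxy` that sends `x-forwarded-proto: https` and asserts the cookie carries no `Secure` attribute would stop a client-supplied header from being trusted again. The test body continues outside the hunk, so this may already be covered there.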

@@ -118,11 +118,11 @@ /// <reference types='node' />

encode?(val: string): string;
/** The expiration `date` used for the `Expires` attribute. If both `expires` and `maxAge` are set, then `expires` is used. */
/** The expiration `date` used for the `Expires` attribute. */
expires?: Date;
/** The `boolean` value of the `HttpOnly` attribute. Defaults to true. */
/** Add the `HttpOnly` attribute. Defaults to `false`. */
httpOnly?: boolean;
/** A `number` in seconds that specifies the `Expires` attribute by adding the specified seconds to the current date. If both `expires` and `maxAge` are set, then `expires` is used. */
/** A `number` in seconds that specifies the `Max-Age` attribute. */
maxAge?: number;
/** A `boolean` indicating whether the cookie is tied to the top-level site where it's initially set and cannot be accessed from elsewhere. */
partitioned?: boolean;
/** The `Path` attribute. Defaults to `/` (the root path). */
/** The `Path` attribute. */
path?: string;

@@ -133,3 +133,3 @@ /** A `boolean` or one of the `SameSite` string attributes. E.g.: `lax`, `none` or `strict`. */

priority?: 'low' | 'medium' | 'high';
/** The `boolean` value of the `Secure` attribute. Set this option to false when communicating over an unencrypted (HTTP) connection. Value can be set to `auto`; in this case the `Secure` attribute will be set to false for HTTP request, in case of HTTPS it will be set to true. Defaults to true. */
/** Add the `Secure` attribute. Defaults to `false`. */
secure?: boolean;

@@ -139,2 +139,3 @@ }

export interface CookieSerializeOptions extends Omit<SerializeOptions, 'secure'> {
/** Add the `Secure` attribute. Value can be set to `"auto"`; in this case the `Secure` attribute will only be added for HTTPS requests. Defaults to `false`. */
secure?: boolean | 'auto';

@@ -160,6 +161,10 @@ signed?: boolean;

export interface UnsignResult {
valid: boolean;
export type UnsignResult = {
valid: true;
renew: boolean;
value: string | null;
value: string;
} | {
valid: false;
renew: false;
value: null;
}

@@ -166,0 +171,0 @@
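Review bot: The new `UnsignResult` union promises that `valid: false` always comes with `renew: false` and `value: null`, but the signer that builds these objects is not part of this diff, so that guarantee should be confirmed against the implementation before callers rely on the narrowing. Turning the exported interface into a union alias is also source-breaking for consumers who write `interface X extends UnsignResult` or whose custom signer returns an object typed with `valid: boolean`. For a minor release that deserves a line in the release notes.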

@@ -153,7 +153,11 @@ import cookie from '..';

reply.unsignCookie(request.cookies.test!);
const { valid, renew, value } = reply.unsignCookie('test');
const unsigned = reply.unsignCookie('test');
expectType<boolean>(valid);
expectType<boolean>(renew);
expectType<string | null>(value);
expectType<boolean>(unsigned.valid);
if (unsigned.valid) {
expectType<string>(unsigned.value);
} else {
expectType<null>(unsigned.value);
}
expectType<boolean>(unsigned.renew);

@@ -186,7 +190,11 @@ reply.send({ hello: 'world' });

server.get('/', (request, reply) => {
const { valid, renew, value } = reply.unsignCookie(request.cookies.test!);
const unsigned = reply.unsignCookie(request.cookies.test!);
expectType<boolean>(valid);
expectType<boolean>(renew);
expectType<string | null>(value);
expectType<boolean>(unsigned.valid);
if (unsigned.valid) {
expectType<string>(unsigned.value);
} else {
expectType<null>(unsigned.value);
}
expectType<boolean>(unsigned.renew);
});

@@ -209,7 +217,11 @@ });

reply.unsignCookie(request.cookies.test!)
const { valid, renew, value } = reply.unsignCookie('test')
const unsigned = reply.unsignCookie('test')
expectType<boolean>(valid)
expectType<boolean>(renew)
expectType<string | null>(value)
expectType<boolean>(unsigned.valid);
if (unsigned.valid) {
expectType<string>(unsigned.value);
} else {
expectType<null>(unsigned.value);
}
expectType<boolean>(unsigned.renew);

@@ -216,0 +228,0 @@ reply.send({ hello: 'world' })
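Review bot: The `else` branches check only `unsigned.value`, so the `renew: false` half of the new union is never pinned; adding `expectType<false>(unsigned.renew);` inside each `else` at the three updated call sites would cover it. In the last hunk the added lines end in semicolons while the neighbouring lines (`reply.unsignCookie('test')`, `reply.send({ hello: 'world' })`) do not, so dropping them there would match that block's style.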
