
@fastify/secure-session


@fastify/secure-session - npm Package Compare versions

Comparing version 4.0.0 to 4.1.0

1

index.d.ts

@@ -10,2 +10,3 @@ /// <reference types="node" />

set<Key extends keyof SessionData>(key: Key, value: SessionData[Key] | undefined): void;
data(): SessionData | undefined;
delete(): void;

@@ -12,0 +13,0 @@ options(opts: CookieSerializeOptions): void;
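Review bot: The new declaration `data(): SessionData | undefined;` advertises an `undefined` result that the implementation shown in this same comparison does not appear to produce. `data ()` in the JavaScript source returns the rest object of a destructuring, which is always an object, so the `if (!data)` guards in the README example and the new test handler can never fire. If no other code path returns `undefined`, declare it as `data(): SessionData;` and add a doc comment such as `/** Returns a shallow copy of the values stored in the session. */`. The interface body starts and ends outside this hunk.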

@@ -243,2 +243,7 @@ 'use strict'

}
data () {
const { changed, deleted, ...data } = this[kObj]
return data
}
}

@@ -245,0 +250,0 @@
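Review bot: `data ()` has no comment, and two of its behaviours are easy to miss: the destructuring drops any stored key that happens to be named `changed` or `deleted`, and the rest object is only a shallow copy, so nested values are still shared with the session. It also hands back every session value at once; the README describes the cookie as encrypted with secret-key box encryption, so a handler that passes the result straight to `reply.send` (as the README example added in this release does) discloses content the cookie otherwise keeps opaque to the client. I would add above the method: `// Shallow copy of all session values except keys named changed/deleted; select fields before returning any of it to a client.` The class this method belongs to starts outside the hunk.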

2

package.json
{
"name": "@fastify/secure-session",
"version": "4.0.0",
"version": "4.1.0",
"description": "Create a secure stateless cookie session for Fastify",

@@ -5,0 +5,0 @@ "main": "index.js",

@@ -1,5 +0,5 @@

# fastify-secure-session
# @fastify/secure-session
![CI](https://github.com/fastify/fastify-secure-session/workflows/CI/badge.svg)
[![NPM version](https://img.shields.io/npm/v/fastify-secure-session.svg?style=flat)](https://www.npmjs.com/package/fastify-secure-session)
[![NPM version](https://img.shields.io/npm/v/@fastify/secure-session.svg?style=flat)](https://www.npmjs.com/package/@fastify/secure-session)
[![Known Vulnerabilities](https://snyk.io/test/github/fastify/fastify-secure-session/badge.svg)](https://snyk.io/test/github/fastify/fastify-secure-session)

@@ -10,3 +10,3 @@ [![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](https://standardjs.com/)

[Secret Key Box Encryption](https://github.com/sodium-friends/sodium-native#secret-key-box-encryption)
and [fastify-cookie](https://github.com/fastify/fastify-cookie).
and [@fastify/cookie](https://github.com/fastify/fastify-cookie).

@@ -18,3 +18,3 @@ ## Using a pregenerated key

```sh
npx fastify-secure-session > secret-key
npx @fastify/secure-session > secret-key
```

@@ -25,3 +25,3 @@

```sh
npx fastify-secure-session | Out-File -Encoding default -NoNewline -FilePath secret-key
npx @fastify/secure-session | Out-File -Encoding default -NoNewline -FilePath secret-key
```

@@ -38,3 +38,3 @@

fastify.register(require('fastify-secure-session'), {
fastify.register(require('@fastify/secure-session'), {
// the name of the session cookie, defaults to 'session'

@@ -92,3 +92,3 @@ cookieName: 'my-session-cookie',

```js
fastify.register(require('fastify-secure-session'), {
fastify.register(require('@fastify/secure-session'), {
key: Buffer.from(process.env.COOKIE_KEY, 'hex')

@@ -112,3 +112,3 @@ })

fastify.register(require('fastify-secure-session'), {
fastify.register(require('@fastify/secure-session'), {
secret: 'averylogphrasebiggerthanthirtytwochars',

@@ -137,2 +137,12 @@ salt: 'mq9hDxBVDbspDR6n',

fastify.get('/all', (request, reply) => {
// get all data from session
const data = request.session.data()
if (!data) {
reply.code(404).send()
return
}
reply.send(data)
})
fastify.listen(3000)

@@ -151,3 +161,3 @@ ```

// first time running the app
fastify.register(require('fastify-secure-session'), {
fastify.register(require('@fastify/secure-session'), {
key: [mySecureKey]

@@ -168,3 +178,3 @@

// first time running the app
fastify.register(require('fastify-secure-session'), {
fastify.register(require('@fastify/secure-session'), {
key: [myNewKey, mySecureKey]

@@ -196,3 +206,3 @@

fastify.register(require('fastify-secure-session'), {
fastify.register(require('@fastify/secure-session'), {
// any old sessions signed with key2 will still be decoded successfully the first time and

@@ -251,3 +261,3 @@ // then re-signed with key1 to keep good performance with subsequent calls

If you need to encode or decode a session in related systems (like say `fastify-websockets`, which does not use normal Fastify `Request` objects), you can use `fastify-secure-session`'s decorators to encode and decode sessions yourself. This is less than ideal as this library's cookie setting code is battle tested by the community, but the option is there if you need it.
If you need to encode or decode a session in related systems (like say `@fastify/websocket`, which does not use normal Fastify `Request` objects), you can use `@fastify/secure-session`'s decorators to encode and decode sessions yourself. This is less than ideal as this library's cookie setting code is battle tested by the community, but the option is there if you need it.

@@ -270,3 +280,3 @@ ```js

```ts
declare module 'fastify-secure-session' {
declare module '@fastify/secure-session' {
interface SessionData {

@@ -273,0 +283,0 @@ foo: string;

@@ -1,2 +0,2 @@

import SecureSessionPlugin, { Session } from "..";
import SecureSessionPlugin, { Session, SessionData } from "..";
import fastify, {

@@ -30,2 +30,3 @@ FastifyRequest,

expectType<any>(request.session.get("baz"));
expectType<SessionData | undefined>(request.session.data());
request.session.delete();

@@ -32,0 +33,0 @@ request.session.options({ maxAge: 42 })

@@ -68,1 +68,153 @@ 'use strict'

})
t.test('Get all data that we set in session', t => {
t.plan(5)
const fastify = Fastify()
fastify.register(SecureSessionPlugin, {
key
})
fastify.post('/', (request, reply) => {
request.session.set('data1', request.body)
request.session.data2 = request.body
reply.send('hello world')
})
t.teardown(fastify.close.bind(fastify))
fastify.get('/', (request, reply) => {
const data = request.session.data()
if (!data) {
reply.code(404).send()
return
}
reply.send(data)
})
fastify.inject({
method: 'POST',
url: '/',
payload: {
some: 'data'
}
}, (error, response) => {
t.error(error)
t.equal(response.statusCode, 200)
t.ok(response.headers['set-cookie'])
fastify.inject({
method: 'GET',
url: '/',
headers: {
cookie: response.headers['set-cookie']
}
}, (error, response) => {
t.error(error)
t.same(JSON.parse(response.payload), {
data1: { some: 'data' },
data2: { some: 'data' }
})
})
})
})
t.test('session is changed', t => {
t.plan(5)
const fastify = Fastify()
fastify.register(SecureSessionPlugin, {
key
})
fastify.post('/', (request, reply) => {
request.session.set('data1', request.body)
request.session.data2 = request.body
reply.send('hello world')
})
t.teardown(fastify.close.bind(fastify))
fastify.get('/', (request, reply) => {
const changed = request.session.changed
if (!changed) {
reply.code(404).send()
return
}
reply.send(changed)
})
fastify.inject({
method: 'POST',
url: '/',
payload: {
some: 'data'
}
}, (error, response) => {
t.error(error)
t.equal(response.statusCode, 200)
t.ok(response.headers['set-cookie'])
fastify.inject({
method: 'GET',
url: '/',
headers: {
cookie: response.headers['set-cookie']
}
}, (error, response) => {
t.error(error)
t.same(JSON.parse(response.payload), true)
})
})
})
t.test('session is deleted', t => {
t.plan(5)
const fastify = Fastify()
fastify.register(SecureSessionPlugin, {
key
})
fastify.post('/', (request, reply) => {
request.session.set('data1', request.body)
request.session.data2 = request.body
reply.send('hello world')
})
fastify.post('/delete', (request, reply) => {
request.session.delete()
const deleted = request.session.deleted
reply.send(deleted)
})
t.teardown(fastify.close.bind(fastify))
fastify.inject({
method: 'POST',
url: '/',
payload: {
some: 'data'
}
}, (error, response) => {
t.error(error)
t.equal(response.statusCode, 200)
t.ok(response.headers['set-cookie'])
fastify.inject({
method: 'POST',
url: '/delete',
headers: {
cookie: response.headers['set-cookie']
}
}, (error, response) => {
t.error(error)
t.same(JSON.parse(response.payload), true)
})
})
})
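Review bot: The `if (!data)` 404 branch in the 'Get all data that we set in session' handler is never exercised by these tests, and the only `data()` case covered is a session that already holds two values. A `GET /` sent without a cookie would pin what `data()` returns for a fresh session, and a case that calls `request.session.delete()` before `data()` would pin whether a deleted session still yields its values. The inner `fastify.inject` callbacks also do not assert `response.statusCode`, so a 404 would surface only as a `JSON.parse` failure; adding `t.equal(response.statusCode, 200)` there and raising `t.plan(5)` to `t.plan(6)` makes that failure readable. The enclosing test file starts outside this hunk.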