@otterhttp/csrf-csrf
Advanced tools
@otterhttp/csrf-csrf - npm Package Compare versions
Comparing version 3.2.0 to 3.3.0
@@ -8,3 +8,8 @@ import { IncomingMessage, ServerResponse } from 'node:http'; | ||
| value: string; | ||
| signed: boolean; | ||
| unsign(unsigner: (signedValue: string) => string): void; | ||
| }; | ||
| type SetCookieOptions = SerializeOptions & { | ||
| sign?: ((value: string) => string) | undefined; | ||
| }; | ||
| type CSRFRequest = IncomingMessage & { | ||
@@ -14,9 +19,10 @@ cookies: Record<string, Cookie>; | ||
| type CSRFResponse<Request extends CSRFRequest = CSRFRequest> = ServerResponse<Request> & { | ||
| cookie: (name: string, value: string, options?: SerializeOptions) => unknown; | ||
| cookie: (name: string, value: string, options?: SetCookieOptions) => unknown; | ||
| }; | ||
| type ExtraCookieOptions = { | ||
| name?: string; | ||
| name?: string | undefined; | ||
| unsign?: ((signedValue: string) => string) | undefined; | ||
| }; | ||
| type CSRFCookieOptions = SerializeOptions & ExtraCookieOptions; | ||
| type ResolvedCSRFCookieOptions = SerializeOptions & Required<ExtraCookieOptions>; | ||
| type CSRFCookieOptions = SetCookieOptions & ExtraCookieOptions; | ||
| type ResolvedCSRFCookieOptions = SetCookieOptions & Required<Pick<ExtraCookieOptions, "name">> & Exclude<ExtraCookieOptions, "name">; | ||
| type TokenRetriever<Request extends CSRFRequest = CSRFRequest, Response extends CSRFResponse<Request> = CSRFResponse<Request>> = (req: Request, res: Response) => string | null | undefined | Promise<string | null | undefined>; | ||
@@ -23,0 +29,0 @@ type CsrfSecretRetriever<Request extends CSRFRequest = CSRFRequest, Response extends CSRFResponse<Request> = CSRFResponse<Request>> = (req: Request, res: Response) => string | Array<string> | Promise<string | Array<string>>; |
@@ -29,4 +29,3 @@ // src/index.ts | ||
| secure: true, | ||
| httpOnly: true, | ||
| signed: false | ||
| httpOnly: true | ||
| }, | ||
@@ -43,4 +42,4 @@ cookieOptions | ||
| const csrfCookie = getCsrfCookieFromRequest(req); | ||
| if (typeof csrfCookie === "object" && !overwrite) { | ||
| const [csrfToken2, csrfTokenHash2] = csrfCookie.value.split(delimiter); | ||
| if (typeof csrfCookie === "string" && !overwrite) { | ||
| const [csrfToken2, csrfTokenHash2] = csrfCookie.split(delimiter); | ||
| if (await validateTokenAndHashPair(req, res, { | ||
@@ -73,3 +72,15 @@ incomingToken: csrfToken2, | ||
| var _a; | ||
| return (_a = req.cookies) == null ? void 0 : _a[defaultCookieOptions.name]; | ||
| const cookie = (_a = req.cookies) == null ? void 0 : _a[defaultCookieOptions.name]; | ||
| function cookieValueSafe() { | ||
| try { | ||
| return cookie.value; | ||
| } catch { | ||
| return void 0; | ||
| } | ||
| } | ||
| if (cookie == null) return cookie; | ||
| if (defaultCookieOptions.unsign == null) return cookieValueSafe(); | ||
| if (cookie.signed) return cookieValueSafe(); | ||
| cookie.unsign(defaultCookieOptions.unsign); | ||
| return cookieValueSafe(); | ||
| }; | ||
@@ -86,4 +97,4 @@ const validateTokenAndHashPair = async (req, res, { incomingHash, incomingToken, possibleSecrets }) => { | ||
| const csrfCookie = getCsrfCookieFromRequest(req); | ||
| if (typeof csrfCookie !== "object") return false; | ||
| const [csrfTokenFromCookie, csrfTokenHash] = csrfCookie.value.split(delimiter); | ||
| if (typeof csrfCookie !== "string") return false; | ||
| const [csrfTokenFromCookie, csrfTokenHash] = csrfCookie.split(delimiter); | ||
| const csrfTokenFromRequest = await getTokenFromRequest(req, res); | ||
@@ -90,0 +101,0 @@ const getSecretResult = await getSecret(req, res); |
@@ -46,14 +46,19 @@ { | ||
| "@biomejs/biome": "^1.8.3", | ||
| "@otterhttp/app": "^3.4.3", | ||
| "@otterhttp/cookie": "^3.0.1", | ||
| "@otterhttp/cookie-signature": "^3.0.0", | ||
| "@otterhttp/request": "^3.1.1", | ||
| "@types/node": "^20.14.10", | ||
| "@otterhttp/request": "^3.4.1", | ||
| "@types/node": "^22.5.0", | ||
| "@types/tough-cookie": "^4.0.5", | ||
| "@vitest/coverage-istanbul": "^2.0.3", | ||
| "http-cookie-agent": "^6.0.5", | ||
| "standard-version": "^9.5.0", | ||
| "tough-cookie": "^4.1.4", | ||
| "ts-node": "^10.9.2", | ||
| "tsup": "^8.1.0", | ||
| "typescript": "^5.3.3", | ||
| "undici": "^6.19.8", | ||
| "vitest": "^2.0.3" | ||
| }, | ||
| "dependencies": { | ||
| "@otterhttp/cookie": "^3.0.0", | ||
| "@otterhttp/errors": "^0.2.0" | ||
@@ -65,3 +70,3 @@ }, | ||
| "packageManager": "pnpm@9.5.0", | ||
| "version": "3.2.0" | ||
| "version": "3.3.0" | ||
| } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Improved metrics
- Total package byte prevSize
- increased by3.35%
44591
- Dependency count
- decreased by-50%
1
- Lines of code
- increased by8.97%
340
Worsened metrics
- Dev dependency count
- increased by60%
16
Dependency changes
- Removed@otterhttp/cookie@^3.0.0
- Removed@otterhttp/cookie@3.0.2(transitive)