Socket
Socket
Sign inDemoInstall

cookie-parser

Package Overview
Dependencies
2
Maintainers
2
Versions
17
Alerts
File Explorer

Advanced tools

npm Scripts

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 1.0.1 to 1.1.0

.travis.yml
History.md
LICENSE

31

index.js

@@ -0,1 +1,10 @@

/*!
* cookie-parser
* MIT Licensed
*/
/**
* Module dependencies.
*/
var cookie = require('cookie');

@@ -5,17 +14,7 @@ var parse = require('./lib/parse');

/**
* Parse _Cookie_ header and populate `req.cookies`
* with an object keyed by the cookie names. Optionally
* you may enabled signed cookie support by passing
* a `secret` string, which assigns `req.secret` so
* it may be used by other middleware.
* Parse Cookie header and populate `req.cookies`
* with an object keyed by the cookie names.
*
* Examples:
*
* connect()
* .use(connect.cookieParser('optional secret string'))
* .use(function(req, res, next){
* res.end(JSON.stringify(req.cookies));
* })
*
* @param {String} secret
* @param {String} [secret]
* @param {Object} [options]
* @return {Function}

@@ -25,3 +24,3 @@ * @api public

module.exports = function cookieParser(secret, opt){
module.exports = function cookieParser(secret, options){
return function cookieParser(req, res, next) {

@@ -37,3 +36,3 @@ if (req.cookies) return next();

try {
req.cookies = cookie.parse(cookies, opt);
req.cookies = cookie.parse(cookies, options);
if (secret) {

@@ -40,0 +39,0 @@ req.signedCookies = parse.signedCookies(req.cookies, secret);

11

package.json
{
"name": "cookie-parser",
"version": "1.0.1",
"version": "1.1.0",
"description": "cookie parsing with signatures",

@@ -12,9 +12,8 @@ "keywords": [

"dependencies": {
"cookie": "0.1.0",
"cookie": "0.1.2",
"cookie-signature": "1.0.3"
},
"devDependencies": {
"mocha": "~1.17.0",
"connect": "2.13.0",
"supertest": "0.9.0"
"mocha": "~1.18.2",
"supertest": "~0.12.1"
},

@@ -24,3 +23,3 @@ "licenses": "MIT",

"engines": {
"node": ">= 0.10.0"
"node": ">= 0.8.0"
},

@@ -27,0 +26,0 @@ "scripts": {

30

README.md

@@ -1,8 +0,28 @@

# cookie-parser
# cookie-parser [![Build Status](https://travis-ci.org/expressjs/cookie-parser.svg?branch=master)](https://travis-ci.org/expressjs/cookie-parser) [![NPM Version](https://badge.fury.io/js/cookie-parser.svg)](https://badge.fury.io/js/cookie-parser)
Parse _Cookie_ header and populate `req.cookies` with an object keyed by the cookie
Parse `Cookie` header and populate `req.cookies` with an object keyed by the cookie
names. Optionally you may enabled signed cookie support by passing a `secret` string,
which assigns `req.secret` so it may be used by other middleware.
## Install
```sh
$ npm install cookie-parser
```
## API
```js
var cookieParser = require('cookie-parser')
```
### cookieParser(secret, options)
- `secret` a string used for signing cookies. This is optional and if not specified, will not parse signed cookies.
- `options` an object that is passed to `cookie.parse` as the second option. See [cookie](https://www.npmjs.org/package/cookie) for more information.
- `decode` a funcction to decode the value of the cookie
## Example
```js
var cookieParser = require('cookie-parser');

@@ -17,10 +37,4 @@

## install
```shell
npm install cookie-parser
```
## License
MIT

72

test/cookieParser.js

@@ -1,30 +0,24 @@

var connect = require('connect')
, request = require('supertest')
, signature = require('cookie-signature');
var app = connect();
var cookieParser = require('..')
var http = require('http')
var request = require('supertest')
var signature = require('cookie-signature')
app.use(connect.cookieParser('keyboard cat'));
describe('connect.cookieParser()', function(){
var server
before(function(){
server = createServer('keyboard cat')
})
app.use(function(req, res, next){
if ('/signed' != req.url) return next();
res.end(JSON.stringify(req.signedCookies));
});
app.use(function(req, res, next){
res.end(JSON.stringify(req.cookies));
});
describe('connect.cookieParser()', function(){
describe('when no cookies are sent', function(){
it('should default req.cookies to {}', function(done){
request(app)
request(server)
.get('/')
.expect('{}', done);
.expect(200, '{}', done)
})
it('should default req.signedCookies to {}', function(done){
request(app)
request(server)
.get('/signed')
.expect('{}', done);
.expect(200, '{}', done)
})

@@ -35,6 +29,6 @@ })

it('should populate req.cookies', function(done){
request(app)
request(server)
.get('/')
.set('Cookie', 'foo=bar; bar=baz')
.expect('{"foo":"bar","bar":"baz"}', done);
.expect(200, '{"foo":"bar","bar":"baz"}', done)
})

@@ -48,24 +42,26 @@ })

it('should populate req.signedCookies', function(done){
request(app)
request(server)
.get('/signed')
.set('Cookie', 'foo=s:' + val)
.expect('{"foo":"foobarbaz"}', done);
.expect(200, '{"foo":"foobarbaz"}', done)
})
it('should remove the signed value from req.cookies', function(done){
request(app)
request(server)
.get('/')
.set('Cookie', 'foo=s:' + val)
.expect('{}', done);
.expect(200, '{}', done)
})
it('should omit invalid signatures', function(done){
request(app)
server.listen()
request(server)
.get('/signed')
.set('Cookie', 'foo=' + val + '3')
.expect('{}', function(){
request(app)
.expect(200, '{}', function(err){
if (err) return done(err)
request(server)
.get('/')
.set('Cookie', 'foo=' + val + '3')
.expect('{"foo":"foobarbaz.CP7AWaXDfAKIRfH49dQzKJx7sKzzSoPq7/AcBBRVwlI3"}', done);
.expect(200, '{"foo":"foobarbaz.CP7AWaXDfAKIRfH49dQzKJx7sKzzSoPq7/AcBBRVwlI3"}', done)
});

@@ -75,1 +71,19 @@ })

})
function createServer(secret) {
var _parser = cookieParser(secret)
return http.createServer(function(req, res){
_parser(req, res, function(err){
if (err) {
res.statusCode = 500
res.end(err.message)
return
}
var cookies = '/signed' === req.url
? req.signedCookies
: req.cookies
res.end(JSON.stringify(cookies))
})
})
}
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc