cookie-parser
Advanced tools
Comparing version 1.1.0 to 1.2.0
@@ -0,1 +1,8 @@ | ||
1.2.0 / 2014-06-17 | ||
================== | ||
* export parsing functions | ||
* `req.cookies` and `req.signedCookies` are now plain objects | ||
* slightly faster parsing of many cookies | ||
1.1.0 / 2014-05-12 | ||
@@ -2,0 +9,0 @@ ================== |
14
index.js
@@ -23,3 +23,3 @@ /*! | ||
module.exports = function cookieParser(secret, options){ | ||
exports = module.exports = function cookieParser(secret, options){ | ||
return function cookieParser(req, res, next) { | ||
@@ -30,4 +30,4 @@ if (req.cookies) return next(); | ||
req.secret = secret; | ||
req.cookies = {}; | ||
req.signedCookies = {}; | ||
req.cookies = Object.create(null); | ||
req.signedCookies = Object.create(null); | ||
@@ -50,1 +50,9 @@ if (cookies) { | ||
}; | ||
/** | ||
* Export parsing functions. | ||
*/ | ||
exports.JSONCookie = parse.JSONCookie; | ||
exports.JSONCookies = parse.JSONCookies; | ||
exports.signedCookies = parse.signedCookies; |
@@ -14,7 +14,14 @@ var signature = require('cookie-signature'); | ||
exports.signedCookies = function(obj, secret){ | ||
var ret = {}; | ||
Object.keys(obj).forEach(function(key){ | ||
var val = obj[key]; | ||
if (0 == val.indexOf('s:')) { | ||
var cookies = Object.keys(obj); | ||
var key; | ||
var ret = Object.create(null); | ||
var val; | ||
for (var i = 0; i < cookies.length; i++) { | ||
key = cookies[i]; | ||
val = obj[key]; | ||
if (val.substr(0, 2) === 's:') { | ||
val = signature.unsign(val.slice(2), secret); | ||
if (val) { | ||
@@ -25,3 +32,4 @@ ret[key] = val; | ||
} | ||
}); | ||
} | ||
return ret; | ||
@@ -39,7 +47,15 @@ }; | ||
exports.JSONCookies = function(obj){ | ||
Object.keys(obj).forEach(function(key){ | ||
var val = obj[key]; | ||
var res = exports.JSONCookie(val); | ||
if (res) obj[key] = res; | ||
}); | ||
var cookies = Object.keys(obj); | ||
var key; | ||
var val; | ||
for (var i = 0; i < cookies.length; i++) { | ||
key = cookies[i]; | ||
val = exports.JSONCookie(obj[key]); | ||
if (val) { | ||
obj[key] = val; | ||
} | ||
} | ||
return obj; | ||
@@ -57,9 +73,9 @@ }; | ||
exports.JSONCookie = function(str) { | ||
if (0 == str.indexOf('j:')) { | ||
try { | ||
return JSON.parse(str.slice(2)); | ||
} catch (err) { | ||
// no op | ||
} | ||
if (!str || str.substr(0, 2) !== 'j:') return; | ||
try { | ||
return JSON.parse(str.slice(2)); | ||
} catch (err) { | ||
// no op | ||
} | ||
}; |
{ | ||
"name": "cookie-parser", | ||
"version": "1.1.0", | ||
"description": "cookie parsing with signatures", | ||
"version": "1.2.0", | ||
"author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)", | ||
"licenses": "MIT", | ||
"repository": "expressjs/cookie-parser", | ||
"keywords": [ | ||
@@ -9,4 +12,2 @@ "cookie", | ||
], | ||
"repository": "git://github.com/expressjs/cookie-parser.git", | ||
"author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)", | ||
"dependencies": { | ||
@@ -17,7 +18,6 @@ "cookie": "0.1.2", | ||
"devDependencies": { | ||
"mocha": "~1.18.2", | ||
"supertest": "~0.12.1" | ||
"istanbul": "0.2.10", | ||
"mocha": "~1.20.1", | ||
"supertest": "~0.13.0" | ||
}, | ||
"licenses": "MIT", | ||
"main": "./index.js", | ||
"engines": { | ||
@@ -27,4 +27,6 @@ "node": ">= 0.8.0" | ||
"scripts": { | ||
"test": "mocha --ui bdd --reporter list -- test/*.js" | ||
"test": "mocha --reporter dot test/", | ||
"test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot test/", | ||
"test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec test/" | ||
} | ||
} |
@@ -1,5 +0,9 @@ | ||
# cookie-parser [![Build Status](https://travis-ci.org/expressjs/cookie-parser.svg?branch=master)](https://travis-ci.org/expressjs/cookie-parser) [![NPM Version](https://badge.fury.io/js/cookie-parser.svg)](https://badge.fury.io/js/cookie-parser) | ||
# cookie-parser | ||
[![NPM Version](https://badge.fury.io/js/cookie-parser.svg)](https://badge.fury.io/js/cookie-parser) | ||
[![Build Status](https://travis-ci.org/expressjs/cookie-parser.svg?branch=master)](https://travis-ci.org/expressjs/cookie-parser) | ||
[![Coverage Status](https://img.shields.io/coveralls/expressjs/cookie-parser.svg?branch=master)](https://coveralls.io/r/expressjs/cookie-parser) | ||
Parse `Cookie` header and populate `req.cookies` with an object keyed by the cookie | ||
names. Optionally you may enabled signed cookie support by passing a `secret` string, | ||
names. Optionally you may enable signed cookie support by passing a `secret` string, | ||
which assigns `req.secret` so it may be used by other middleware. | ||
@@ -23,4 +27,16 @@ | ||
- `options` an object that is passed to `cookie.parse` as the second option. See [cookie](https://www.npmjs.org/package/cookie) for more information. | ||
- `decode` a funcction to decode the value of the cookie | ||
- `decode` a function to decode the value of the cookie | ||
### cookieParser.JSONCookie(str) | ||
Parse a cookie value as a JSON cookie. This will return the parsed JSON value if it was a JSON cookie, otherwise it will return the passed value. | ||
### cookieParser.JSONCookies(cookies) | ||
Given an object, this will iterate over the keys and call `JSONCookie` on each value. This will return the same object passed in. | ||
### cookieParser.signedCookies(cookies, secret) | ||
Given an object, this will iterate over the keys and check if any value is a signed cookie. If it is a signed cookie and the signature is valid, the key will be deleted from the object and added to the new object that is returned. | ||
## Example | ||
@@ -27,0 +43,0 @@ |
Sorry, the diff of this file is not supported yet
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
56
0
6938
3
7
110