cookies - npm Package Compare versions

Comparing version 0.1.5 to 0.1.6

._index.js

@@ -1,1 +0,1 @@
-Mac OS X        	2y�TEXT!RchATTR
&�X��
�com.apple.TextEncodingUTF-8;134217984
+Mac OS X        	2y�TEXT!RchATTR
(|���
�com.apple.TextEncodingUTF-8;134217984

._LICENSE.txt

@@ -1,1 +0,1 @@
-Mac OS X        	2y�TEXTATTR
&�[��
�com.apple.TextEncodingUTF-8;134217984
+Mac OS X        	2y�TEXTATTR
(|���
�com.apple.TextEncodingUTF-8;134217984

._package.json

@@ -1,1 +0,1 @@
-Mac OS X        	2y�TEXTATTR
&�]��
�com.apple.TextEncodingUTF-8;134217984
+Mac OS X        	2y�TEXTATTR
(|���
�com.apple.TextEncodingUTF-8;134217984

._README.md

@@ -1,1 +0,1 @@
-Mac OS X        	2y�TEXT!RchATTR
&�_��
�com.apple.TextEncodingUTF-8;134217984
+Mac OS X        	2y�TEXT!RchATTR
(|���
�com.apple.TextEncodingUTF-8;134217984

._test.js

@@ -1,1 +0,1 @@
-Mac OS X        	2y�TEXT!RchATTR
&�a��
�com.apple.TextEncodingUTF-8;134217984
+Mac OS X        	2y�TEXT!RchATTR
(|���
�com.apple.TextEncodingUTF-8;134217984

lib/._cookies.js

@@ -1,1 +0,1 @@
-Mac OS X        	2y�TEXT!RchATTR
&�c��
�com.apple.TextEncodingUTF-8;134217984
+Mac OS X        	2y�TEXT!RchATTR
(|���
�com.apple.TextEncodingUTF-8;134217984

lib/cookies.js

 var cache = {}
-  , isArray = Array.isArray
 
@@ -39,36 +38,54 @@ function Cookies( request, response, keys ) {
   set: function( name, value, opts ) {
-    var header = this.response.getHeader( "Set-Cookie" )
-      , cookie, str = name + "="
+    var res = this.response
+      , headers = res.getHeader( "Set-Cookie" ) || []
+      , secure = res.socket.encrypted
+      , cookie = new Cookie( name, value, opts )
+      , header
       
-    if ( value ) cookie = str += value
+    if ( typeof headers == "string" ) headers = [ headers ]
+      
+    if ( !secure && opts && opts.secure ) throw "Cannot send secure cookie over unencrypted socket"
     
-    else {
-      opts || ( opts = {} )
-      opts.expires = new Date( 0 )
-    }
-
-    str += "; path=" + ( opts && opts.path || "/" )
+    cookie.secure = secure
+    headers.push( cookie.toHeader() )
     
-    if ( opts ) {
-      if ( opts.expires  ) str += "; expires=" + opts.expires.toUTCString()
-      if ( opts.domain   ) str += "; domain=" + opts.domain
-      if ( opts.secure   ) str += "; secure"
-      if ( opts.httpOnly ) str += "; httponly"
+    if ( opts && opts.signed ) {
+      cookie.value = this.keys.sign( cookie.toString() )
+      cookie.name += ".sig"
+      headers.push( cookie.toHeader() )
     }
     
-    if ( !header ) header = str
+    res.setHeader( "Set-Cookie", headers )
+    return this
+  }
+}
+
+function Cookie( name, value, attrs ) {
+  value || ( this.expires = new Date( 0 ) )
+
+  this.name = name
+  this.value = value || ""
+
+  for ( var name in attrs ) this[ name ] = attrs[ name ]
+}
+
+Cookie.prototype = {
+  path: "/",
+  expires: undefined,
+  domain: undefined,
+  httpOnly: true,
+  secure: false,
+
+  toString: function() { return this.name + "=" + this.value },
+  
+  toHeader: function() {
+    var header = this.toString()
     
-    else {
-      // TODO: check for existing header with same name
-      isArray( header ) ? header.push( str ) : header = [ header, str ]
-    }
+    if ( this.path      ) header += "; path=" + this.path
+    if ( this.expires   ) header += "; expires=" + this.expires.toUTCString()
+    if ( this.domain    ) header += "; domain=" + this.domain
+    if ( this.secure    ) header += "; secure"
+    if ( this.httpOnly  ) header += "; httponly"
     
-    this.response.setHeader( "Set-Cookie", header )
-    
-    if ( !opts || !opts.signed ) return this
-    
-    opts = Object.create( opts )
-    opts.signed = false
-    
-    return this.set( name + ".sig", value && this.keys.sign( cookie ), opts )
+    return header
   }
@@ -75,0 +92,0 @@ }

package.json

 {
   "name": "cookies",
-  "version": "0.1.5",
+  "version": "0.1.6",
   "description": "Cookies, optionally signed using Keygrip.",
@@ -5,0 +5,0 @@ "main": "./index",

README.md

@@ -14,2 +14,14 @@ Cookies
     
+## Features
+
+This is the next version of the now deprecated [cookie-node](https://github.com/jed/cookie-node) library, with the following improvements:
+
+* **Lazy**: Since cookie verification against multiple keys could be expensive, cookies are only verified lazily when accessed, not eagerly on each request.
+
+* **Unobtrusive**: Signed cookies are stored the same way as unsigned cookies, instead of in an obfuscated signing format. An additional signature cookie is stored for each signed cookie, using a standard naming convention (_cookie-name_`.sig`). This allows other libraries to access the original cookies without having to know the signing mechanism.
+
+* **Agnostic**: This library is optimized for use with [Keygrip](https://github.com/jed/keygrip), but does not require it; you can implement your own signing scheme instead if you like and use this library only to read/write cookies. Factoring the signing into a separate library encourages code reuse and allows you to use the same signing library for other areas where signing is needed, such as in URLs.
+
+* **Up-to-date**: Whereas the last library was built starting with an v0.1.* version of node without crypto or buffers, this one was built starting with v0.4.1. This means that it's a lot cleaner than the previous version, which was getting crufty after a year of API changes.
+
 ## API
@@ -16,0 +28,0 @@

test.js

@@ -10,3 +10,3 @@ var assert = require( "assert" )
   var cookies = new Cookies( req, res, keys )
-    , insecure, secure, tampered
+    , unsigned, signed, tampered
   
@@ -16,6 +16,6 @@ if ( req.url == "/set" ) {
       // set a regular cookie
-      .set( "insecure", "foo" )
+      .set( "unsigned", "foo", { httpOnly: false } )
 
       // set a signed cookie
-      .set( "secure", "bar", { signed: true } )
+      .set( "signed", "bar", { signed: true } )
 
@@ -30,8 +30,8 @@ // mimic a signed cookie, but with a bogus signature
   
-  insecure = cookies.get( "insecure" )
-  secure = cookies.get( "secure", { signed: true } )
+  unsigned = cookies.get( "unsigned" )
+  signed = cookies.get( "signed", { signed: true } )
   tampered = cookies.get( "tampered", { signed: true } )
   
-  assert.equal( insecure, "foo" )
-  assert.equal( secure, "bar" )
+  assert.equal( unsigned, "foo" )
+  assert.equal( signed, "bar" )
   assert.notEqual( tampered, "baz" )
@@ -42,6 +42,6 @@ assert.equal( tampered, undefined )
   res.end(
-    "insecure expected: foo\n\n" +
-    "insecure actual: " + insecure + "\n\n" +
-    "secure expected: bar\n\n" +
-    "secure actual: " + secure + "\n\n" +
+    "unsigned expected: foo\n\n" +
+    "unsigned actual: " + unsigned + "\n\n" +
+    "signed expected: bar\n\n" +
+    "signed actual: " + signed + "\n\n" +
     "tampered expected: undefined\n\n"+
@@ -48,0 +48,0 @@ "tampered: " + tampered + "\n\n"

No alert changes

Improved metrics

Total package byte prevSize

13100

increased by15.85%

Lines of code

127

increased by12.39%

Number of lines in readme file

118

increased by11.32%

No dependency changes