
egg-cookies


Comparing version 2.1.0 to 2.2.0

6

History.md
2.2.0 / 2017-02-21
==================
* feat: check cookie value's length (#4)
* feat: support cookie.sameSite (#3)
2.1.0 / 2016-11-22

@@ -3,0 +9,0 @@ ==================

13

lib/cookie.js

@@ -15,2 +15,9 @@ 'use strict';

/**
* RegExp to match Same-Site cookie attribute value.
* https://en.wikipedia.org/wiki/HTTP_cookie#SameSite_cookie
*/
const sameSiteRegExp = /^(?:lax|strict)$/i;
class Cookie {

@@ -26,3 +33,3 @@ constructor(name, value, attrs) {

assert(!this.attrs.domain || fieldContentRegExp.test(this.attrs.domain), 'argument option domain is invalid');
assert(!this.attrs.sameSite || this.attrs.sameSite === true || sameSiteRegExp.test(this.attrs.sameSite), 'argument option sameSite is invalid');
if (!value) this.attrs.expires = new Date(0);

@@ -42,2 +49,3 @@ }

if (attrs.domain) header += '; domain=' + attrs.domain;
if (attrs.sameSite) header += '; samesite=' + (attrs.sameSite === true ? 'strict' : attrs.sameSite.toLowerCase());
if (attrs.secure) header += '; secure';

@@ -50,3 +58,3 @@ if (attrs.httpOnly) header += '; httponly';

const ATTRS = [ 'path', 'expires', 'domain', 'httpOnly', 'secure', 'maxAge', 'overwrite' ];
const ATTRS = [ 'path', 'expires', 'domain', 'httpOnly', 'secure', 'maxAge', 'overwrite', 'sameSite' ];
function mergeDefaultAttrs(attrs) {

@@ -58,2 +66,3 @@ const merged = {

overwrite: false,
sameSite: false,
};

@@ -60,0 +69,0 @@ if (!attrs) return merged;
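Review bot: The new sameSite assert in the constructor accepts any value whose string form matches the regex, because `sameSiteRegExp.test()` coerces its argument; a non-string such as `[ 'lax' ]` would pass validation and then throw a TypeError at `attrs.sameSite.toLowerCase()` when the header is built. Requiring a string closes that gap: `assert(!this.attrs.sameSite || this.attrs.sameSite === true || (typeof this.attrs.sameSite === 'string' && sameSiteRegExp.test(this.attrs.sameSite)), 'argument option sameSite is invalid');`. The mapping of `true` to `strict` and the `sameSite: false` default (no attribute is sent, so this CSRF defence stays opt-in) deserve a comment beside the defaults, for example `// sameSite: true means 'strict'; false omits the attribute`. The constructor and the header-building method both start and end outside these hunks.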

@@ -7,2 +7,3 @@ 'use strict';

const Cookie = require('./cookie');
const EventEmitter = require('events');

@@ -18,4 +19,5 @@ const KEYS_ARRAY = Symbol('eggCookies:keysArray');

class Cookies {
class Cookies extends EventEmitter {
constructor(ctx, keys) {
super();
this[KEYS_ARRAY] = keys;

@@ -104,2 +106,8 @@ this._keys = keys;

}
// http://browsercookielimits.squawky.net/
if (value.length > 4093) {
this.emit('cookieLimitExceed', { name, value });
}
const cookie = new Cookie(name, value, opts);

@@ -106,0 +114,0 @@ headers = pushCookie(headers, cookie);
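Review bot: The `cookieLimitExceed` event carries the full cookie value, and the README text in this release suggests recording it from the handler, so session identifiers or other sensitive cookie contents can end up in application logs. Handlers should record `name` and `value.length` only, and a comment above the emit such as `// listeners should log name and length, not the value` would say so. The check also measures `value.length`, which counts UTF-16 code units of the value alone, while browser limits are typically applied to the bytes of name, value and attributes together; a cookie with multi-byte characters or long attributes can exceed the limit without the event firing, and `Buffer.byteLength(value)` would be closer. This file's header is missing from the page and the enclosing method starts outside the hunk, so whether `value` is always a string at this point cannot be confirmed from here.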

2

package.json
{
"name": "egg-cookies",
"version": "2.1.0",
"version": "2.2.0",
"description": "cookies module for egg",

@@ -5,0 +5,0 @@ "files": [

@@ -23,3 +23,31 @@ # egg-cookies

Extends [pillarjs/cookies](https://github.com/pillarjs/cookies),
add `encrypt` feature base on `app.keys`.
Extends [pillarjs/cookies](https://github.com/pillarjs/cookies) to adapt koa and egg with some additional features.
### Encrypt
egg-cookies provide an alternative `encrypt` mode like `signed`. An encrypt cookie's value will be encrypted base on keys. Anyone who don't have the keys are unable to know the original cookie's value.
```js
const Cookies = require('egg-cookies');
const cookies = new Cookies(ctx, keys);
cookies.set('foo', 'bar', { encrypt: true });
cookies.get('foo', { encrypt: true });
```
**Note: you should both indicating in get and set in pairs.**
### Cookie Length Check
[Browsers all had some limitation in cookie's length](http://browsercookielimits.squawky.net/), so if set a cookie with an extremely long value(> 4093), egg-cookies will emit an `cookieLimitExceed` event. You can listen to this event and record.
```js
const Cookies = require('egg-cookies');
const cookies = new Cookies(ctx, keys);
cookies.on('cookieLimitExceed', { name, value } => {
// log
});
cookies.set('foo', longText);
```