npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@goa/cookies

v2.0.1

Published

[fork] Signed And Unsigned Cookies Based On Keygrip Written In ES6 And Optimised With JavaScript Compiler.

Downloads

17

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

zvrzvr

Keywords

cookiesgoahttp

Readme

@goa/cookies

npm version

@goa/cookies is a fork of 🗝 Signed And Unsigned Cookies Based On Keygrip Written In ES6, Annotated With Externs And Optimised With JavaScript Compiler.

yarn add @goa/cookies

Table Of Contents

API

The package is available by importing its default function:

import Cookies, { Keygrip, express, connect } from '@goa/cookies'

The deprecated secureProxy, maxage attributes of a cookie have been removed. The constructor only accepts the { keys: Array<string>|Keygrip } option, without being able to pass keys as an array, or Keygrip as an object. Please make sure no middleware is using these options.

class Cookies

Cookies is a Node.JS module for getting and setting HTTP(S) cookies. Cookies can be signed to prevent tampering, using Keygrip. It can be used with the built-in Node.JS HTTP library, or as Connect/Express middleware.

constructor(  request: !http.IncomingMessage,  response: !http.ServerResponse,  options=: !CookiesOptions,): Cookies

Creates a new cookies object to handle cookies.

  • request* !http.IncomingMessage: The request object.
  • response* !http.ServerResponse: The response object.
  • options !CookiesOptions (optional): Options for the constructor.

This creates a cookie jar corresponding to the current request and response, additionally passing an object options.

A Keygrip object or an array of keys can optionally be passed as options.keys to enable cryptographic signing based on SHA1 HMAC, using rotated credentials.

A Boolean can optionally be passed as options.secure to explicitly specify if the connection is secure, rather than this module examining request.

Note that since this only saves parameters without any other processing, it is very lightweight. Cookies are only parsed on demand when they are accessed.

CookiesOptions: Options for the constructor.

| Name | Type | Description | | ------ | ------------------------------------------ | -------------------------------------------------------------------------------------------- | | keys | !(Array<string> | Keygrip) | The array of keys, or the Keygrip object. | | secure | boolean | Explicitly specifies if the connection is secure, rather than this module examining request. |

import Cookies from '@goa/cookies'
import aqt from '@rqt/aqt'
import { createServer } from 'http'

// Optionally define keys to sign cookie values
// to prevent client tampering
const keys = ['keyboard cat']

const server = createServer((req, res) => {
  // Create a cookies object
  const cookies = new Cookies(req, res, { keys: keys })

  // Get a cookie
  const lastVisit = cookies.get('LastVisit', { signed: true })

  // Set the cookie to a value
  cookies.set('LastVisit', new Date().toISOString(), { signed: true })

  if (!lastVisit) {
    res.setHeader('Content-Type', 'text/plain')
    res.end('Welcome, first time visitor!')
  } else {
    res.setHeader('Content-Type', 'text/plain')
    res.end('Welcome back! Nothing much changed since your last visit at ' + lastVisit + '.')
  }
})

server.listen(async () => {
  const url = `http://localhost:${server.address().port}`
  console.log(url)
  let { body, headers } = await aqt(url)
  console.log(body, headers['set-cookie'].join('\n'))
  ;({ body } = await aqt(url, {
    headers: { Cookie: headers['set-cookie'] },
  }))
  console.log(body)
  server.close()
})
http://localhost:55787
Welcome, first time visitor! LastVisit=2019-12-18T21:05:54.405Z; path=/; httponly
LastVisit.sig=RosnWirAT9-4bEgbxceOxUEQv-c; path=/; httponly
Welcome back! Nothing much changed since your last visit at 2019-12-18T21:05:54.405Z.

The overview of the Cookies interface is found in wiki.

set(  name: string,  value=: ?string,  attributes=: !CookieSetOptions,): void

This sets the given cookie in the response and returns the current context to allow chaining. If the value is omitted, an outbound header with an expired date is used to delete the cookie.

  • name* string: The name of the cookie to set.
  • value ?string (optional): The value to set.
  • attributes !CookieSetOptions (optional): The attributes and signed option.

CookieSetOptions extends CookieAttributes: How the cookie will be set.

| Name | Type | Description | Default | | ------ | ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | | signed | boolean | Indicating whether the cookie is to be signed. If this is true, another cookie of the same name with the .sig suffix appended will also be sent, with a 27-byte url-safe base64 SHA1 value representing the hash of cookie-name=cookie-value against the first Keygrip key. This signature key is used to detect tampering the next time a cookie is received. | false |

The attributes accepted by the cookie instance are listed in wiki.

get(  name: string,  opts=: { signed: boolean },): string|undefined

This extracts the cookie with the given name from the Cookie header in the request. If such a cookie exists, its value is returned. Otherwise, nothing is returned. { signed: true } can optionally be passed as the second parameter options. In this case, a signature cookie (a cookie of same name ending with the .sig suffix appended) is fetched. If no such cookie exists, nothing is returned. If the signature cookie does exist, the provided Keygrip object is used to check whether the hash of cookie-name=cookie-value matches that of any registered key:

  • If the signature cookie hash matches the first key, the original cookie value is returned.

  • If the signature cookie hash matches any other key, the original cookie value is returned AND an outbound header is set to update the signature cookie's value to the hash of the first key. This enables automatic freshening of signature cookies that have become stale due to key rotation.

  • If the signature cookie hash does not match any key, nothing is returned, and an outbound header with an expired date is used to delete the cookie.

  • name* string: The name of the cookie to get.

  • opts { signed: boolean } (optional): The options.

Wiki

Wiki contains the following pages with additional information about the package.

🍪 Cookie Attributes

🚄 Express And Connect Middleware Constructor

⚜️ Keygrip

🔗 View Compiler Externs

Copyright & License

GNU Affero General Public License v3.0

Original source, documentation and testing by Jed Schmidt and Douglas Christopher Wilson under MIT license found in COPYING file.

Forked Off cookies 0.7.3 Apr 24

Current: npm version