'use strict'
const { test } = require('node:test')
const sodium = require('sodium-native')
// Per-process secretbox key for the test server: a zeroed buffer of the
// library-required size, then filled from libsodium's CSPRNG so every run
// encrypts with a fresh key rather than a fixed test constant.
const key = Buffer.alloc(sodium.crypto_secretbox_KEYBYTES)
sodium.randombytes_buf(key)
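test('Clears the session data except for specified keys when regenerate is called', async t => {
  const maxAge = 3600
  const fastify = require('fastify')({ logger: false })
  t.after(() => fastify.close())

  await fastify.register(require('../'), {
    key,
    cookie: {
      path: '/',
      maxAge
    }
  })

  // Stores two values so a partial regenerate has one key to keep and one to drop.
  fastify.post('/login', (request, reply) => {
    request.session.set('user', request.body.user)
    request.session.set('email', request.body.email)
    reply.send('Welcome back!')
  })

  // `?key=a&key=b` arrives as an array and `?key=a` as a string; regenerate
  // receives an array of keys to preserve, or undefined to clear everything.
  fastify.get('/regen', (request, reply) => {
    const { key: keep } = request.query
    const ignoredKeys = keep ? [].concat(keep) : undefined
    request.session.regenerate(ignoredKeys)
    reply.send('regenerated')
  })

  fastify.get('/session', (request, reply) => {
    reply.send(request.session.data())
  })

  // Reads the session back using the cookie issued by an earlier response.
  const readSession = (cookie) => fastify.inject({
    method: 'GET',
    url: '/session',
    headers: { cookie }
  })

  const loginResponse = await fastify.inject({
    method: 'POST',
    url: '/login',
    payload: {
      user: 'username',
      email: 'me@here.fine'
    }
  })
  t.assert.strictEqual(loginResponse.statusCode, 200)
  const loginCookie = loginResponse.headers['set-cookie']
  t.assert.ok(loginCookie, 'login must issue a session cookie')

  const sessionResponse = await readSession(loginCookie)
  t.assert.deepStrictEqual(sessionResponse.json(), {
    user: 'username',
    email: 'me@here.fine'
  })

  const regeneratePartialResponse = await fastify.inject({
    method: 'GET',
    url: '/regen?key=user',
    headers: { cookie: loginCookie }
  })
  const partialCookie = regeneratePartialResponse.headers['set-cookie']
  t.assert.ok(partialCookie, 'partial regenerate must issue a new cookie')

  const sessionAfterRegenPartialResponse = await readSession(partialCookie)
  t.assert.deepStrictEqual(sessionAfterRegenPartialResponse.json(), {
    user: 'username'
  })

  const regenerateAllResponse = await fastify.inject({
    method: 'GET',
    url: '/regen',
    headers: { cookie: loginCookie }
  })
  const clearedCookie = regenerateAllResponse.headers['set-cookie']
  // Without this check a regenerate that silently failed to issue a cookie
  // would send no cookie to /session, and the resulting empty session would
  // make the `{}` assertion below pass vacuously.
  t.assert.ok(clearedCookie, 'full regenerate must issue a new cookie')

  const sessionAfterRegenAllResponse = await readSession(clearedCookie)
  t.assert.deepStrictEqual(sessionAfterRegenAllResponse.json(), {})
})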