UNPKG

secure-cookie

Version:

Cookie library/middleware with signing and encryption support

github.com/ayZagen/secure-cookie

ayZagen/secure-cookie

81 lines 4.59 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
/// <reference types="node" /> import { IncomingMessage, ServerResponse } from 'http'; import { CookieAttrs } from './cookie'; import { KeyStore } from "./keystore"; import type { Http2ServerRequest, Http2ServerResponse } from "http2"; declare type SignIdentifier = string | ((name: string) => string); export declare type CookiesOptions = { /** * KeyStore to be used for signing and encrypting */ keyStore?: KeyStore; /** * a boolean indicating whether the cookie is to be signed (`false` by default). If this is true, another cookie of the same name with the `signIdentifier` will also be sent, with a 27-byte url-safe base64 SHA1 value representing the hash of _cookie-name_=_cookie-value_ against the first [KeyStore](keystore) key. This signature key is used to detect tampering the next time a cookie is received. * @default false */ signed?: boolean; /** * Encrypt cookies by default and assume received cookies are encrypted. * @default false */ encrypted?: boolean; /** * Mark cookies as secure by default. * @default `req.protocol` */ secure?: boolean; /** * If string, provided value will be appended cookie name with dot. For example with given value `mysig` * signature cookie name will be `cookiename.mysig` * * @default `sig` */ signIdentifier?: SignIdentifier; }; export declare type SetCookieOptions = CookiesOptions & CookieAttrs; export declare type GetCookieOptions = CookiesOptions; export declare class Cookies { secure: CookiesOptions["secure"]; encrypted: boolean; signed: boolean; keyStore: KeyStore; signIdentifier?: SignIdentifier; readonly request: IncomingMessage | Http2ServerRequest; readonly response: ServerResponse | Http2ServerResponse; constructor(request: IncomingMessage | Http2ServerRequest, response: ServerResponse | Http2ServerResponse, options?: CookiesOptions); /** * This extracts the cookie with the given name from the Set-Cookie header in the request. If such a cookie exists, its value is returned. Otherwise, nothing is returned. * * `{ signed: true }` can optionally be passed as the second parameter options. In this case, a signature cookie (a cookie of same name ending with the .sig suffix appended) is fetched. If no such cookie exists, nothing is returned. * * If the signature cookie does exist, the provided KeyStore is used to check whether the hash of cookie-name=cookie-value matches that of any registered key/s: * * - If the signature cookie hash matches the first key, the original cookie value is returned. * - If the signature cookie hash matches any other key, the original cookie value is returned AND an outbound header is set to update the signature cookie's value to the hash of the first key. This enables automatic freshening of signature cookies that have become stale due to key rotation. * - If the signature cookie hash does not match any key, nothing is returned, and an outbound header with an expired date is used to delete the cookie. * * `{ encrypted: true }` can optionally be passed as the second parameter options. In this case, the provided KeyStore will try to decrypt the cookie value with registered key/s. * * - If the decryption fails nothing is returned, and the cookie stays intact. * - If decryption succeeds, decrypted cookie value is returned. * * If both `signed` and `encrypted` options are provided, signature check will be applied with encrypted value. Than the decryption will be applied. * @param name * @param opts */ get(name: string, opts?: GetCookieOptions): string | undefined; /** * This sets the given cookie in the response and returns the current context to allow chaining. * * @param name Cookie name * @param value Cookie value. If this is omitted, an outbound header with an expired date is used to delete the cookie. * @param opts Overridden options */ set(name: string, value?: string | null, opts?: SetCookieOptions): Cookies; static middleware: (options?: CookiesOptions | undefined) => (req: any, res: any, next: any) => void; static connect: (options?: CookiesOptions | undefined) => (req: any, res: any, next: any) => void; static express: (options?: CookiesOptions | undefined) => (req: any, res: any, next: any) => void; static koa: (options?: CookiesOptions | undefined) => (ctx: any, next: any) => any; } export {}; //# sourceMappingURL=cookies.d.ts.map