Expose signer #193

Merged
merged 14 commits into from
Jul 15, 2022
46 changes: 45 additions & 1 deletion README.md
Expand Up @@ -201,7 +201,7 @@ the provided signer's (or the default signer if no custom implementation is prov
fastify.register(require('@fastify/cookie'), { secret: 'my-secret' })

fastify.get('/', (req, rep) => {
if (fastify.unsign(req.cookie.foo).valid === false) {
if (fastify.unsignCookie(req.cookie.foo).valid === false) {
rep.send('cookie is invalid')
return
}
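Review bot: The changed line in this README example reads `req.cookie.foo`, but the plugin decorates the request with `cookies` (`fastify.decorateRequest('cookies', null)` in plugin.js) and the test added in this PR reads `req.cookies.foo`. As written, `req.cookie` is undefined and the handler throws before `unsignCookie` runs. Suggest `fastify.unsignCookie(req.cookies.foo)`.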
Expand All @@ -210,6 +210,50 @@ fastify.get('/', (req, rep) => {
})
```

### Other cases of manual signing

Sometimes the service under test should only accept requests with signed cookies, but it does not generate them itself.

**Example:**

```js

test('Request requires signed cookie', async () => {
const response = await app.inject({
method: 'GET',
url: '/',
headers: {
cookies : {
'sid': app.signCookie(sidValue)
}
},
});

expect(response.statusCode).toBe(200);
});
```

### Manual signing/unsigning with low level utilities

with signerFactory

```js
const { signerFactory } = require('@fastify/cookie');

const signer = signerFactory('secret');
const signedValue = signer.sign('test');
const {valid, renew, value } = signer.unsign(signedValue);
```

with sign/unsign utilities

```js
const { sign, unsign } = require('@fastify/cookie');

const signedValue = sign('test', 'secret');
const unsignedvalue = unsign(signedValue, 'secret');
```


## License
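Review bot: The `app.inject` example under "Other cases of manual signing" nests an object under `headers.cookies`, while the test added in this PR sends the signed value as a `cookie` header string of the form `foo=<signed value>`; the README should use the same shape, and `sidValue` is never defined in the snippet. In the low level section, say that the bare `unsign` returns `false` on a bad signature (plugin.d.ts declares `string | false`), unlike `signer.unsign`, which returns `{ valid, renew, value }`, so readers do not check `.valid` on the wrong one.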

6 changes: 6 additions & 0 deletions cookie.js
Expand Up @@ -28,13 +28,19 @@

'use strict'

const { sign, unsign } = require('cookie-signature')
const { signerFactory } = require('./signer')

/**
* Module exports.
* @public
*/

exports.parse = parse
exports.serialize = serialize
exports.signerFactory = signerFactory
exports.sign = sign
exports.unsign = unsign
Member

I landed #194 and now this conflicts. Could you move these exports to the plugin.js file instead?

Contributor Author

OK

Contributor Author

How then should the import of the utilities look?

```js
const cookie = require('@fastify/cookie');
const { signerFactory, sign, unsign } = cookie;
```

Member

that works

Contributor Author

@budarin budarin Jul 15, 2022

Do I understand correctly that exporting to plugin.js should look like this?

```js
/**
 * These export configurations enable JS and TS developers
 * to consume fastify-cookie in whatever way best suits their needs.
 * Some examples of supported import syntax includes:
 * - `const fastifyCookie = require('fastify-cookie')`
 * - `const { fastifyCookie } = require('fastify-cookie')`
 * - `import * as fastifyCookie from 'fastify-cookie'`
 * - `import { fastifyCookie } from 'fastify-cookie'`
 * - `import fastifyCookie from 'fastify-cookie'`
 */
fastifyCookie.fastifyCookie = fastifyCookie
fastifyCookie.default = fastifyCookie
module.exports = fastifyCookie

fastifyCookie.fastifyCookie.signerFactory = signerFactory;
fastifyCookie.fastifyCookie.sign = sign;
fastifyCookie.fastifyCookie.unsign = unsign;

module.exports.signerFactory = signerFactory;
module.exports.sign = sign;
module.exports.unsign = unsign;
```

Member

@climba03003 climba03003 Jul 15, 2022

Either

```js
fastifyCookie.signerFactory = signerFactory;
fastifyCookie.sign = sign;
fastifyCookie.unsign = unsign;
```

or

```js
plugin.signerFactory = signerFactory;
plugin.sign = sign;
plugin.unsign = unsign;
```


/**
* Module variables.
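Review bot: `exports.sign = sign` and `exports.unsign = unsign` pass the `cookie-signature` functions through unchanged, so the package now exposes two different `unsign` contracts under one name: this one returns `string | false` (per plugin.d.ts), while `signer.unsign` returns an object with `valid`, `renew` and `value`. A caller who writes `unsign(v, secret).valid === false` against the bare function never sees `false`, so a bad signature is not rejected. Add a JSDoc comment on these exports stating the return value, or export the raw helpers under names that cannot be confused with the signer's methods.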
12 changes: 11 additions & 1 deletion plugin.d.ts
Expand Up @@ -21,6 +21,12 @@ declare module 'fastify' {
parseCookie(cookieHeader: string): {
[key: string]: string;
};
/**
* Manual cookie signing method
* @docs https://github.com/fastify/fastify-cookie#manual-cookie-parsing
* @param value cookie value
*/
signCookie(value: string): string;
}

interface FastifyRequest {
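Review bot: The `@docs` link on `signCookie` points at `#manual-cookie-parsing`, which by its name is the parsing section; the README section this PR adds for signing is "Other cases of manual signing". Point the link at that heading, and mention in the comment that the value is signed with the signer configured through the `secret` option.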
Expand Down Expand Up @@ -105,6 +111,10 @@ interface Signer {
};
}

declare const signerFactory: Signer;
declare const sign: (value: string, secret: string) => string;
declare const unsign: (input: string, secret: string) => string | false;

export interface FastifyCookieOptions {
secret?: string | string[] | Signer;
parseOptions?: CookieSerializeOptions;
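Review bot: `declare const signerFactory: Signer` types the factory as a signer instance, but plugin.js calls it as a function (`signerFactory(secret)`) and the README does `signerFactory('secret')` and then calls `.sign` on the result. With this declaration TypeScript callers cannot invoke it. Declare it as a function that takes the secret and returns `Signer`.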
Expand All @@ -113,4 +123,4 @@ export interface FastifyCookieOptions {
declare const fastifyCookie: FastifyPluginCallback<NonNullable<FastifyCookieOptions>>;

export default fastifyCookie;
export { fastifyCookie };
export { fastifyCookie, signerFactory, sign, unsign };
5 changes: 5 additions & 0 deletions plugin.js
Expand Up @@ -58,6 +58,7 @@ function plugin (fastify, options, next) {
const signer = typeof secret === 'string' || enableRotation ? signerFactory(secret) : secret

fastify.decorate('parseCookie', parseCookie)
fastify.decorate('signCookie', signCookie)
fastify.decorate('unsignCookie', unsignCookie)

fastify.decorateRequest('cookies', null)
Expand All @@ -76,6 +77,10 @@ function plugin (fastify, options, next) {
return cookie.parse(cookieHeader, options.parseOptions)
}

function signCookie (value) {
return signer.sign(value)
}

function unsignCookie (value) {
return signer.unsign(value)
}
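Review bot: `signCookie` calls `signer.sign(value)` without checking that a signer exists. `secret` is optional in `FastifyCookieOptions`, and the assignment `const signer = ... ? signerFactory(secret) : secret` leaves `signer` equal to whatever was passed when it is not a string and rotation is off, including `undefined`, so `fastify.signCookie()` then fails with a TypeError instead of a clear message. Consider throwing a descriptive error when no secret is configured, and add a JSDoc line here since the function is now public API.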
20 changes: 20 additions & 0 deletions test/cookie.test.js
Expand Up @@ -701,3 +701,23 @@ test('cookies set with plugin options parseOptions field', (t) => {
}
)
})

test('create signed cookie manually using signCookie decorator', async (t) => {
const fastify = Fastify()

await fastify.register(plugin, { secret: 'secret' })

fastify.get('/test1', (req, reply) => {
reply.send({
unsigned: req.unsignCookie(req.cookies.foo)
})
})

const res = await fastify.inject({
method: 'GET',
url: '/test1',
headers: { cookie: `foo=${fastify.signCookie('bar')}` }
})
t.equal(res.statusCode, 200)
t.same(JSON.parse(res.body), { unsigned: { value: 'bar', renew: false, valid: true } })
})
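Review bot: Only the happy path of the `signCookie` decorator is covered. The PR also exports `signerFactory`, `sign` and `unsign`, and nothing here exercises them; add a test that requires them from the package entry point and round-trips a value. A negative case is also missing: alter the signed value before sending it and assert that `unsignCookie` reports `valid: false`.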