index.js
3.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
/*!
* cookie-parser
* Copyright(c) 2014 TJ Holowaychuk
* Copyright(c) 2015 Douglas Christopher Wilson
* MIT Licensed
*/
'use strict';
/**
* Module dependencies.
* @private
*/
var cookie = require('cookie');
var signature = require('cookie-signature');
/**
* Module exports.
* @public
*/
module.exports = cookieParser;
module.exports.JSONCookie = JSONCookie;
module.exports.JSONCookies = JSONCookies;
module.exports.signedCookie = signedCookie;
module.exports.signedCookies = signedCookies;
/**
* Parse Cookie header and populate `req.cookies`
* with an object keyed by the cookie names.
*
* @param {string|array} [secret] A string (or array of strings) representing cookie signing secret(s).
* @param {Object} [options]
* @return {Function}
* @public
*/
function cookieParser(secret, options) {
return function cookieParser(req, res, next) {
if (req.cookies) {
return next();
}
var cookies = req.headers.cookie;
var secrets = !secret || Array.isArray(secret)
? (secret || [])
: [secret];
req.secret = secrets[0];
req.cookies = Object.create(null);
req.signedCookies = Object.create(null);
// no cookies
if (!cookies) {
return next();
}
req.cookies = cookie.parse(cookies, options);
// parse signed cookies
if (secrets.length !== 0) {
req.signedCookies = signedCookies(req.cookies, secrets);
req.signedCookies = JSONCookies(req.signedCookies);
}
// parse JSON cookies
req.cookies = JSONCookies(req.cookies);
next();
};
}
/**
* Parse JSON cookie string.
*
* @param {String} str
* @return {Object} Parsed object or undefined if not json cookie
* @public
*/
function JSONCookie(str) {
if (typeof str !== 'string' || str.substr(0, 2) !== 'j:') {
return undefined;
}
try {
return JSON.parse(str.slice(2));
} catch (err) {
return undefined;
}
}
/**
* Parse JSON cookies.
*
* @param {Object} obj
* @return {Object}
* @public
*/
function JSONCookies(obj) {
var cookies = Object.keys(obj);
var key;
var val;
for (var i = 0; i < cookies.length; i++) {
key = cookies[i];
val = JSONCookie(obj[key]);
if (val) {
obj[key] = val;
}
}
return obj;
}
/**
* Parse a signed cookie string, return the decoded value.
*
* @param {String} str signed cookie string
* @param {string|array} secret
* @return {String} decoded value
* @public
*/
function signedCookie(str, secret) {
if (typeof str !== 'string') {
return undefined;
}
if (str.substr(0, 2) !== 's:') {
return str;
}
var secrets = !secret || Array.isArray(secret)
? (secret || [])
: [secret];
for (var i = 0; i < secrets.length; i++) {
var val = signature.unsign(str.slice(2), secrets[i]);
if (val !== false) {
return val;
}
}
return false;
}
/**
* Parse signed cookies, returning an object containing the decoded key/value
* pairs, while removing the signed key from obj.
*
* @param {Object} obj
* @param {string|array} secret
* @return {Object}
* @public
*/
function signedCookies(obj, secret) {
var cookies = Object.keys(obj);
var dec;
var key;
var ret = Object.create(null);
var val;
for (var i = 0; i < cookies.length; i++) {
key = cookies[i];
val = obj[key];
dec = signedCookie(val, secret);
if (val !== dec) {
ret[key] = dec;
delete obj[key];
}
}
return ret;
}