How to use cookie-signature - 10 common examples

To help you get started, we’ve selected a few cookie-signature examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github ymichael / puton / node_modules / express / node_modules / connect / lib / middleware / session.js View on Github external
, tls = req.connection.encrypted || (trustProxy && 'https' == proto)
        , secured = cookie.secure && tls
        , isNew = unsignedCookie != req.sessionID;

      // only send secure cookies via https
      if (cookie.secure && !secured) return debug('not secured');

      // browser-session length cookie
      if (null == cookie.expires) {
        if (!isNew) return debug('already set browser-session cookie');
      // compare hashes and ids
      } else if (originalHash == hash(req.session) && originalId == req.session.id) {
        return debug('unmodified session');
      }

      var val = 's:' + signature.sign(req.sessionID, secret);
      val = cookie.serialize(key, val);
      debug('set-cookie %s', val);
      res.setHeader('Set-Cookie', val);
    });
github ifgyong / demo / React-native / Helloword / node_modules / csurf / index.js View on Github external
function setsecret(req, res, sessionKey, val, cookie) {
    if (cookie) {
        // set secret on cookie
        if (cookie.signed) {
            var secret = req.secret

            if (!secret) {
                throw new Error('cookieParser("secret") required for signed cookies')
            }

            val = 's:' + sign(val, secret)
        }

        setcookie(res, cookie.key, val, cookie);
    } else if (req[sessionKey]) {
        // set secret on session
        req[sessionKey].csrfSecret = val
    } else {
        /* istanbul ignore next: should never actually run */
        throw new Error('misconfigured csrf')
    }
}
github entermedia-community / entermedia-server / webapp / examples / annotations / workspace / node_modules / express / lib / response.js View on Github external
res.cookie = function(name, val, options){
  options = mixin({}, options);
  var secret = this.req.secret;
  var signed = options.signed;
  if (signed && !secret) throw new Error('cookieParser("secret") required for signed cookies');
  if ('number' == typeof val) val = val.toString();
  if ('object' == typeof val) val = 'j:' + JSON.stringify(val);
  if (signed) val = 's:' + sign(val, secret);
  if ('maxAge' in options) {
    options.expires = new Date(Date.now() + options.maxAge);
    options.maxAge /= 1000;
  }
  if (null == options.path) options.path = '/';
  var headerVal = cookie.serialize(name, String(val), options);

  // supports multiple 'res.cookie' calls by getting previous value
  var prev = this.get('Set-Cookie');
  if (prev) {
    if (Array.isArray(prev)) {
      headerVal = prev.concat(headerVal);
    } else {
      headerVal = [prev, headerVal];
    }
  }
github andreirtaylor / BoardGameTracking / node_modules / express / lib / response.js View on Github external
res.cookie = function(name, val, options){
  options = merge({}, options);
  var secret = this.req.secret;
  var signed = options.signed;
  if (signed && !secret) throw new Error('cookieParser("secret") required for signed cookies');
  if ('number' == typeof val) val = val.toString();
  if ('object' == typeof val) val = 'j:' + JSON.stringify(val);
  if (signed) val = 's:' + sign(val, secret);
  if ('maxAge' in options) {
    options.expires = new Date(Date.now() + options.maxAge);
    options.maxAge /= 1000;
  }
  if (null == options.path) options.path = '/';
  var headerVal = cookie.serialize(name, String(val), options);

  // supports multiple 'res.cookie' calls by getting previous value
  var prev = this.get('Set-Cookie');
  if (prev) {
    if (Array.isArray(prev)) {
      headerVal = prev.concat(headerVal);
    } else {
      headerVal = [prev, headerVal];
    }
  }
github bubkoo / grunt-restful-mock / tasks / lib / router.js View on Github external
options = merge({}, options);
  var secret = req.secret;
  var signed = options.signed;

  if (signed && !secret) {
    throw new Error('cookieParser("secret") required for signed cookies');
  }

  if ('number' === typeof val) {
    val = val.toString();
  }
  if ('object' === typeof val) {
    val = 'j:' + JSON.stringify(val);
  }
  if (signed) {
    val = 's:' + sign(val, secret);
  }
  if ('maxAge' in options) {
    options.expires = new Date(Date.now() + options.maxAge);
    options.maxAge /= 1000;
  }
  if (null == options.path) {
    options.path = '/';
  }


  var headerVal = cookie.serialize(name, String(val), options);

  // supports multiple 'res.cookie' calls by getting previous value
  var prev = res.getHeader('Set-Cookie');
  if (prev) {
    if (Array.isArray(prev)) {
github cdapio / cdap / server / sandbox / node_modules / connect / lib / middleware / session.js View on Github external
, tls = req.connection.encrypted || (trustProxy && 'https' == proto)
        , secured = cookie.secure && tls
        , isNew = unsignedCookie != req.sessionID;

      // only send secure cookies via https
      if (cookie.secure && !secured) return debug('not secured');

      // browser-session length cookie
      if (null == cookie.expires) {
        if (!isNew) return debug('already set browser-session cookie');
      // compare hashes and ids
      } else if (originalHash == hash(req.session) && originalId == req.session.id) {
        return debug('unmodified session');
      }

      var val = 's:' + signature.sign(req.sessionID, secret);
      val = cookie.serialize(key, val);
      debug('set-cookie %s', val);
      res.setHeader('Set-Cookie', val);
    });
github architect / functions / src / http / session / providers / ddb / index.js View on Github external
if (!callback) {
    promise = new Promise(function(res, rej) {
      callback = function(err, result) {
        err ? rej(err) : res(result)
      }
    })
  }

  // read dynamo session table
  let name = process.env.SESSION_TABLE_NAME || 'arc-sessions'
  let secret = process.env.ARC_APP_SECRET || process.env.ARC_APP_NAME || 'fallback'
  // TODO: uppercase 'Cookie' is not the header name on AWS Lambda; it's
  // lowercase 'cookie' on lambda...
  let jar = cookie.parse(request.headers && request.headers.Cookie? request.headers.Cookie || '': '')
  let sesh = jar.hasOwnProperty('_idx')
  let valid = unsign(jar._idx || '', secret)

  // find or create a new session
  let exec = sesh && valid? find.bind({}, name) : create.bind({}, name)
  let params = sesh && valid? valid : {}

  exec(params, callback)
  return promise
}
github adonisjs / adonis-framework / test / unit / response.spec.js View on Github external
const config = new Config()
      config.set('app.appKey', SECRET)
      const response = new Response(new Request(req, res), config)
      response.cookie('cart_total', '20')
      response.send('')
      response.end()
    })

    const { headers } = await supertest(server).get('/').expect(200)
    const encrypter = simpleEncryptor({
      key: SECRET,
      hmac: false
    })

    assert.strictEqual(
      sig.unsign(
        encrypter.decrypt(querystring.unescape(headers['set-cookie'][0].replace('cart_total=', ''))).replace('s:', ''),
        SECRET
      ),
      '20'
    )
  })
github bfrgoncalves / Online-PhyloViZ / node_modules / express / lib / response.js View on Github external
res.cookie = function (name, value, options) {
  var opts = merge({}, options);
  var secret = this.req.secret;
  var signed = opts.signed;

  if (signed && !secret) {
    throw new Error('cookieParser("secret") required for signed cookies');
  }

  var val = typeof value === 'object'
    ? 'j:' + JSON.stringify(value)
    : String(value);

  if (signed) {
    val = 's:' + sign(val, secret);
  }

  if ('maxAge' in opts) {
    opts.expires = new Date(Date.now() + opts.maxAge);
    opts.maxAge /= 1000;
  }

  if (opts.path == null) {
    opts.path = '/';
  }

  this.append('Set-Cookie', cookie.serialize(name, String(val), opts));

  return this;
};
github howarddierking / RestBugs / RestBugs-Node / node_modules / express / lib / response.js View on Github external
res.cookie = function(name, val, options){
  options = utils.merge({}, options);
  var secret = this.req.secret;
  var signed = options.signed;
  if (signed && !secret) throw new Error('connect.cookieParser("secret") required for signed cookies');
  if ('number' == typeof val) val = val.toString();
  if ('object' == typeof val) val = 'j:' + JSON.stringify(val);
  if (signed) val = 's:' + sign(val, secret);
  if ('maxAge' in options) {
    options.expires = new Date(Date.now() + options.maxAge);
    options.maxAge /= 1000;
  }
  if (null == options.path) options.path = '/';
  this.set('Set-Cookie', cookie.serialize(name, String(val), options));
  return this;
};

cookie-signature

Sign and unsign cookies

MIT
Latest version published 12 months ago

Package Health Score

74 / 100
Full package analysis

Popular cookie-signature functions