ianstormtaylor · jehincastic · Oct 31, 2020
diff --git a/docs/reference.md b/docs/reference.md
@@ -66,6 +66,7 @@ const permit = new Bearer({
   basic: String,
   header: String,
   query: String,
+  cookie: String,
 })
 ```
 
@@ -74,6 +75,7 @@ The `Bearer` permit checks for credentials in the form of a secret bearer token
 * `basic` — Either `'username'` or `'password'` denoting which field of the HTTP Basic Auth to use as a fallback.
 * `header` — A custom header key to check as a fallback.
 * `query` — A query parameter key to check as a fallback.
+* `cookie` — A cookie parameter key to check as a fallback.
 
 ### `Permit`
 

diff --git a/src/bearer.js b/src/bearer.js
@@ -3,16 +3,17 @@ import Permit from './permit'
 
 class Bearer extends Permit {
   constructor(options = {}) {
-    const { basic, header, query, ...rest } = options
+    const { basic, header, query, cookie, ...rest } = options
     const scheme = basic ? ['Bearer', 'Basic'] : 'Bearer'
     super({ scheme, ...rest })
     this.basic = basic
     this.header = header
     this.query = query
+    this.cookie = cookie
   }
 
   check(req) {
-    const { basic, header, query, proxy } = this
+    const { basic, header, query, proxy, cookie } = this
     const auth = req.headers
       ? proxy ? req.headers['proxy-authorization'] : req.headers.authorization
       : null
@@ -53,6 +54,16 @@ class Bearer extends Permit {
         return parsed.query[query]
       }
     }
+
+    if (cookie) {
+      const cookies = req.headers ? req.headers.cookie : null
+      if (cookies) {
+        const cookieObj = this.parseCookies(cookies)
+        if (cookieObj.hasOwnProperty(cookie)) {
+          return cookieObj[cookie]
+        }
+      }
+    }
   }
 }
 

diff --git a/src/permit.js b/src/permit.js
@@ -20,6 +20,14 @@ class Permit {
       res.setHeader(key, value)
     })
   }
+
+  parseCookies(cookieString) {
+    const rx = /([^;=\s]*)=([^;]*)/g
+    const obj = {}
+    for (let m; (m = rx.exec(cookieString)); )
+      obj[m[1]] = decodeURIComponent(m[2])
+    return obj
+  }
 }
 
 export default Permit
diff --git a/test/fixtures/bearer/cookie-none.js b/test/fixtures/bearer/cookie-none.js
@@ -0,0 +1,12 @@
+import { Bearer } from '../../..'
+
+export const permit = new Bearer({
+  cookie: 'token',
+})
+
+export const request = {
+  method: 'GET',
+  url: '/',
+}
+
+export const credentials = undefined
diff --git a/test/fixtures/bearer/cookie.js b/test/fixtures/bearer/cookie.js
@@ -0,0 +1,15 @@
+import { Bearer } from '../../..'
+
+export const permit = new Bearer({
+  cookie: 'token',
+})
+
+export const request = {
+  method: 'GET',
+  url: '/',
+  headers: {
+    cookie: 'token=token',
+  },
+}
+
+export const credentials = 'token'