
replace signature utils with cookie-signature module

commit 111baa558eef9c3854c47af293cb326c0bf8617a 1 parent 3a3799c
TJ Holowaychuk authored October 15, 2012
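--- a/lib/middleware/cookieSession.js
+++ b/lib/middleware/cookieSession.js
@@ -12,6 +12,7 @@
 var utils = require('./../utils')
   , Cookie = require('./session/cookie')
   , debug = require('debug')('connect:cookieSession')
+  , signature = require('cookie-signature')
   , crc16 = require('crc').crc16;
 
 // environment
@@ -107,7 +108,7 @@ module.exports = function cookieSession(options){
       if (originalHash == crc16(val)) return debug('unmodified session');
 
       // set-cookie
-      val = 's:' + utils.sign(val, secret);
+      val = 's:' + signature.sign(val, secret);
       val = cookie.serialize(key, val);
       debug('set-cookie %j', cookie);
       res.setHeader('Set-Cookie', val);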
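Review bot: The line `val = 's:' + signature.sign(val, secret);` needs a comment stating that signing gives integrity only. Judging by `utils.sign` in lib/utils.js, which returns `val + '.'` followed by the HMAC, the payload travels in the clear with a MAC appended, so whatever is stored in this cookie session can presumably be read by the client even though it cannot be altered without the secret. I would add `// signed, not encrypted: the client can read the session payload but cannot modify it` above the assignment, assuming cookie-signature keeps the same format. The enclosing function starts and ends outside the hunk.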
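--- a/lib/middleware/session.js
+++ b/lib/middleware/session.js
@@ -13,6 +13,7 @@
 var Session = require('./session/session')
   , debug = require('debug')('connect:session')
   , MemoryStore = require('./session/memory')
+  , signature = require('cookie-signature')
   , Cookie = require('./session/cookie')
   , Store = require('./session/store')
   , utils = require('./../utils')
@@ -265,7 +266,7 @@ function session(options){
         return debug('unmodified session');
       }
 
-      var val = 's:' + utils.sign(req.sessionID, secret);
+      var val = 's:' + signature.sign(req.sessionID, secret);
       val = cookie.serialize(key, val);
       debug('set-cookie %s', val);
       res.setHeader('Set-Cookie', val);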
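Review bot: `debug('set-cookie %s', val)`, two lines after the new `signature.sign(req.sessionID, secret)` call, writes the complete serialized cookie to the debug output, signed session ID included. Whenever `connect:session` debugging is enabled, that log holds a live session credential for every response that sets the cookie. Logging only the cookie name, `debug('set-cookie %s', key);`, keeps the trace useful without putting the signed value in logs. The enclosing function continues outside the hunk.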
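--- a/lib/utils.js
+++ b/lib/utils.js
@@ -13,6 +13,7 @@
 var http = require('http')
   , crypto = require('crypto')
   , parse = require('url').parse
+  , signature = require('cookie-signature')
   , Path = require('path')
   , fs = require('fs');
 
@@ -134,6 +135,7 @@ exports.uid = function(len) {
  */
 
 exports.sign = function(val, secret){
+  console.warn('do not use utils.sign(), use https://github.com/visionmedia/node-cookie-signature')
   return val + '.' + crypto
     .createHmac('sha256', secret)
     .update(val)
@@ -152,6 +154,7 @@ exports.sign = function(val, secret){
  */
 
 exports.unsign = function(val, secret){
+  console.warn('do not use utils.unsign(), use https://github.com/visionmedia/node-cookie-signature')
   var str = val.slice(0, val.lastIndexOf('.'));
   return exports.sign(str, secret) == val
     ? str
@@ -173,7 +176,7 @@ exports.parseSignedCookies = function(obj, secret){
   Object.keys(obj).forEach(function(key){
     var val = obj[key];
     if (0 == val.indexOf('s:')) {
-      val = exports.unsign(val.slice(2), secret);
+      val = signature.unsign(val.slice(2), secret);
       if (val) {
         ret[key] = val;
         delete obj[key];
@@ -194,7 +197,7 @@ exports.parseSignedCookies = function(obj, secret){
 
 exports.parseSignedCookie = function(str, secret){
   return 0 == str.indexOf('s:')
-    ? exports.unsign(str.slice(2), secret)
+    ? signature.unsign(str.slice(2), secret)
     : str;
 };
 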
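Review bot: The deprecated `exports.sign` and `exports.unsign` keep their own HMAC code, so callers that stay on them still verify with `exports.sign(str, secret) == val`, an ordinary string comparison that is not constant-time. `unsign` also calls `exports.sign`, so every `unsign` call now prints two warnings, and the warning is emitted on each call rather than once per process. Delegating after the warning, with `return signature.sign(val, secret);` and `return signature.unsign(val, secret);`, would leave a single implementation to maintain and fix. Whether cookie-signature 0.0.1 itself compares in constant time is not visible on this page and should be confirmed upstream. Both function bodies continue outside their hunks.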
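--- a/package.json
+++ b/package.json
@@ -8,6 +8,7 @@
   "dependencies": {
     "qs": "0.5.1",
     "formidable": "1.0.11",
+    "cookie-signature": "0.0.1",
     "crc": "0.2.0",
     "cookie": "0.0.4",
     "bytes": "0.0.1",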
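--- a/test/cookieParser.js
+++ b/test/cookieParser.js
@@ -1,6 +1,6 @@
 
-var connect = require('../')
-  , utils = connect.utils;
+var connect = require('..')
+  , signature = require('cookie-signature');
 
 var app = connect();
 
@@ -40,7 +40,7 @@ describe('connect.cookieParser()', function(){
   })
 
   describe('when a secret is given', function(){
-    var val = utils.sign('foobarbaz', 'keyboard cat');
+    var val = signature.sign('foobarbaz', 'keyboard cat');
     // TODO: "bar" fails...
 
     it('should populate req.signedCookies', function(done){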
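Review bot: `signature.sign('foobarbaz', 'keyboard cat')` builds the test input with the same module that the parsing helpers in lib/utils.js now use to verify it, so this test passes for any self-consistent signature format. The fixed vectors deleted from test/utils.js in this commit were the only assertions pinning the exact output, and cookies issued before the upgrade stay valid only if that format is unchanged. I would keep one known-answer check against the new module, for example `signature.sign('something', 'foo').should.equal('something.8WhA0qtnmrX5qoz9Z/VgxMJ+fk24BikrI+Zqndxv54k');`. The `describe` block continues outside the hunk.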
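--- a/test/utils.js
+++ b/test/utils.js
@@ -26,35 +26,6 @@ describe('utils.parseCacheControl(str)', function(){
   })
 })
 
-describe('utils.[un]sign()', function(){
-  it('should sign & unsign values', function(){
-    var val = utils.sign('something', 'foo');
-    val.should.equal('something.8WhA0qtnmrX5qoz9Z/VgxMJ+fk24BikrI+Zqndxv54k');
-
-    val = utils.unsign('something.8WhA0qtnmrX5qoz9Z/VgxMJ+fk24BikrI+Zqndxv54k', 'foo');
-    val.should.equal('something');
-
-    // make sure cookie values with periods don't trump the signature
-    val = utils.sign('something.for.nothing', 'foo');
-    val.should.equal('something.for.nothing.s/7V7+RZexRSazB9x2sNFUyhMnrdxnnh5zmnrWZJyHA');
-
-    val = utils.unsign('something.for.nothing.s/7V7+RZexRSazB9x2sNFUyhMnrdxnnh5zmnrWZJyHA', 'foo');
-    val.should.equal('something.for.nothing');
-
-    // invalid secret
-    val = utils.unsign('something.8WhA0qtnmrX5qoz9Z/VgxMJ+fk24BikrI+Zqndxv54k', 'something');
-    val.should.be.false;
-
-    // invalid value
-    val = utils.unsign('somethingINVALID.8WhA0qtnmrX5qoz9Z/VgxMJ+fk24BikrI+Zqndxv54k', 'foo');
-    val.should.be.false;
-
-    // invalid sig
-    val = utils.unsign('something.INVALID8WhA0qtnmrX5qoz9Z/VgxMJ+fk24BikrI+Zqndxv54k', 'foo');
-    val.should.be.false;
-  })
-})
-
 describe('utils.mime(req)', function(){
   it('should return the mime-type from Content-Type', function(){
     utils.mime({ headers: { 'content-type': 'text/html; charset=utf8' }})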
