replace signature utils with cookie-signature module

commit 111baa558eef9c3854c47af293cb326c0bf8617a 1 parent 3a3799c
@tj tj authored
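--- a/lib/middleware/cookieSession.js
+++ b/lib/middleware/cookieSession.js
@@ -12,6 +12,7 @@
 var utils = require('./../utils')
 , Cookie = require('./session/cookie')
 , debug = require('debug')('connect:cookieSession')
+ , signature = require('cookie-signature')
 , crc16 = require('crc').crc16;
 // environment
@@ -107,7 +108,7 @@ module.exports = function cookieSession(options){
 if (originalHash == crc16(val)) return debug('unmodified session');
 // set-cookie
- val = 's:' + utils.sign(val, secret);
+ val = 's:' + signature.sign(val, secret);
 val = cookie.serialize(key, val);
 debug('set-cookie %j', cookie);
 res.setHeader('Set-Cookie', val);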
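Review bot: The unmodified-session shortcut in the second hunk, `if (originalHash == crc16(val)) return debug('unmodified session');`, decides whether to re-issue the signed cookie from a 16-bit checksum, so two different serialized sessions can share a value and a real change is then never written back to the client. `originalHash` is assigned outside the hunk; if it is the checksum of the session as it arrived, comparing the serialized strings themselves (or a wider digest) would remove the collision case. The handler body starts and ends outside this hunk.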
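--- a/lib/middleware/session.js
+++ b/lib/middleware/session.js
@@ -13,6 +13,7 @@
 var Session = require('./session/session')
 , debug = require('debug')('connect:session')
 , MemoryStore = require('./session/memory')
+ , signature = require('cookie-signature')
 , Cookie = require('./session/cookie')
 , Store = require('./session/store')
 , utils = require('./../utils')
@@ -265,7 +266,7 @@ function session(options){
 return debug('unmodified session');
 }
- var val = 's:' + utils.sign(req.sessionID, secret);
+ var val = 's:' + signature.sign(req.sessionID, secret);
 val = cookie.serialize(key, val);
 debug('set-cookie %s', val);
 res.setHeader('Set-Cookie', val);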
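Review bot: `debug('set-cookie %s', val);`, two lines after the changed statement, writes the complete serialized cookie, session ID and HMAC included, to the debug stream whenever `connect:session` debugging is enabled, so anything that collects that output ends up holding replayable session cookies. Logging only the cookie name, `debug('set-cookie %s', key);`, keeps the trace useful without recording the credential. The enclosing function starts and ends outside this hunk.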
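--- a/lib/utils.js
+++ b/lib/utils.js
@@ -13,6 +13,7 @@
 var http = require('http')
 , crypto = require('crypto')
 , parse = require('url').parse
+ , signature = require('cookie-signature')
 , Path = require('path')
 , fs = require('fs');
@@ -134,6 +135,7 @@ exports.uid = function(len) {
 */
 exports.sign = function(val, secret){
+ console.warn('do not use utils.sign(), use https://github.com/visionmedia/node-cookie-signature')
 return val + '.' + crypto
 .createHmac('sha256', secret)
 .update(val)
@@ -152,6 +154,7 @@ exports.sign = function(val, secret){
 */
 exports.unsign = function(val, secret){
+ console.warn('do not use utils.unsign(), use https://github.com/visionmedia/node-cookie-signature')
 var str = val.slice(0, val.lastIndexOf('.'));
 return exports.sign(str, secret) == val
 ? str
@@ -173,7 +176,7 @@ exports.parseSignedCookies = function(obj, secret){
 Object.keys(obj).forEach(function(key){
 var val = obj[key];
 if (0 == val.indexOf('s:')) {
- val = exports.unsign(val.slice(2), secret);
+ val = signature.unsign(val.slice(2), secret);
 if (val) {
 ret[key] = val;
 delete obj[key];
@@ -194,7 +197,7 @@ exports.parseSignedCookies = function(obj, secret){
 exports.parseSignedCookie = function(str, secret){
 return 0 == str.indexOf('s:')
- ? exports.unsign(str.slice(2), secret)
+ ? signature.unsign(str.slice(2), secret)
 : str;
 };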
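Review bot: The deprecated `exports.unsign` keeps `exports.sign(str, secret) == val`, an ordinary string comparison that can stop at the first differing character, so callers that ignore the new warning still verify signatures in data-dependent time. If the function stays exported, compare in fixed time; on Node versions that provide it, `var a = Buffer.from(exports.sign(str, secret)), b = Buffer.from(val);` followed by `return a.length == b.length && crypto.timingSafeEqual(a, b) ? str : false;` would do. `parseSignedCookies` and `parseSignedCookie` now depend on `signature.unsign`, whose comparison is not visible in this commit and is worth confirming for the pinned release. The body of `unsign` continues past the end of its hunk.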
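--- a/package.json
+++ b/package.json
@@ -8,6 +8,7 @@
 "dependencies": {
 "qs": "0.5.1",
 "formidable": "1.0.11",
+ "cookie-signature": "0.0.1",
 "crc": "0.2.0",
 "cookie": "0.0.4",
 "bytes": "0.0.1",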
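--- a/test/cookieParser.js
+++ b/test/cookieParser.js
@@ -1,6 +1,6 @@
-var connect = require('../')
- , utils = connect.utils;
+var connect = require('..')
+ , signature = require('cookie-signature');
 var app = connect();
@@ -40,7 +40,7 @@ describe('connect.cookieParser()', function(){
 })
 describe('when a secret is given', function(){
- var val = utils.sign('foobarbaz', 'keyboard cat');
+ var val = signature.sign('foobarbaz', 'keyboard cat');
 // TODO: "bar" fails...
 it('should populate req.signedCookies', function(done){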
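Review bot: The fixture `val` is now built with `signature.sign`, but the negative cases this commit removes from test/utils.js (wrong secret, altered value, altered signature) have no visible replacement, so rejection of tampered cookies is left to the external module's own tests. Unless the rest of this suite already covers it, add a case that sends `val` with a modified signature and asserts that `req.signedCookies` does not contain the value. The `describe` block continues outside this hunk.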
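--- a/test/utils.js
+++ b/test/utils.js
@@ -26,35 +26,6 @@ describe('utils.parseCacheControl(str)', function(){
 })
 })
-describe('utils.[un]sign()', function(){
- it('should sign & unsign values', function(){
- var val = utils.sign('something', 'foo');
- val.should.equal('something.8WhA0qtnmrX5qoz9Z/VgxMJ+fk24BikrI+Zqndxv54k');
-
- val = utils.unsign('something.8WhA0qtnmrX5qoz9Z/VgxMJ+fk24BikrI+Zqndxv54k', 'foo');
- val.should.equal('something');
-
- // make sure cookie values with periods don't trump the signature
- val = utils.sign('something.for.nothing', 'foo');
- val.should.equal('something.for.nothing.s/7V7+RZexRSazB9x2sNFUyhMnrdxnnh5zmnrWZJyHA');
-
- val = utils.unsign('something.for.nothing.s/7V7+RZexRSazB9x2sNFUyhMnrdxnnh5zmnrWZJyHA', 'foo');
- val.should.equal('something.for.nothing');
-
- // invalid secret
- val = utils.unsign('something.8WhA0qtnmrX5qoz9Z/VgxMJ+fk24BikrI+Zqndxv54k', 'something');
- val.should.be.false;
-
- // invalid value
- val = utils.unsign('somethingINVALID.8WhA0qtnmrX5qoz9Z/VgxMJ+fk24BikrI+Zqndxv54k', 'foo');
- val.should.be.false;
-
- // invalid sig
- val = utils.unsign('something.INVALID8WhA0qtnmrX5qoz9Z/VgxMJ+fk24BikrI+Zqndxv54k', 'foo');
- val.should.be.false;
- })
-})
-
 describe('utils.mime(req)', function(){
 it('should return the mime-type from Content-Type', function(){
 utils.mime({ headers: { 'content-type': 'text/html; charset=utf8' }})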